I am required to remove the suid bit on several mounted filesystems. I'd like to
know what y'all think will happen if I do that.
The file systems are:
none on /sys type sysfs (rw)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/sda1 on /boot type ext3 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/sys and /dev/sda1 are found in /etc/fstab. I need to change
LABEL=/boot /boot ext3 defaults 1 2
none /sys sysfs defaults 0 0
to
LABEL=/boot /boot ext3 rw,nosuid,dev,exec,auto,nouser,async 1 2
none /sys sysfs rw,nosuid,dev,exec,auto,nouser,async 0 0
I think binfmt_misc is mounted from /etc/rc.sysinit. I *think* I'd need to change
/bin/mount -t binfmt_misc none /proc/sys/fs/binfmt_misc > /dev/null 2>&1
to
/bin/mount -t binfmt_misc -o noexec none /proc/sys/fs/binfmt_misc > /dev/null 2>&1
The rpc_pipefs is in /etc/modprobe.conf.dist and the mount line is:
install sunrpc /sbin/modprobe --first-time --ignore-install sunrpc && {
/bin/mount -t rpc_pipefs sunrpc /var/lib/nfs/rpc_pipefs > /dev/null 2>&1 || :; }
which I assume I'd have to change as for binfmt_misc above.
The usb mount is in /etc/rc.sysinit. There are two lines:
mount -n -t proc /proc /proc
[ -d /proc/bus/usb ] && mount -n -t usbfs /proc/bus/usb /proc/bus/usb
mount -f /dev/pts
[ -f /proc/bus/usb/devices ] && mount -f -t usbfs usbfs /proc/bus/usb
I haven't a clue as to how to modify these without breaking something.
Any comments?
Bill Tangren
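
An added example, not part of the original post: a shell function that reads lines in the mount(8) output format quoted above and reports every mount point that still lacks nosuid, which is a quick way to confirm the result after editing /etc/fstab and the rc scripts. The function names are hypothetical and the /home line in the sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# Report mount points whose option list lacks "nosuid".
# Input format, as printed by mount(8):
#   <device> on <mountpoint> type <fstype> (<opt>,<opt>,...)

missing_nosuid() {
    # Reads mount-style lines on stdin, prints "<mountpoint> <fstype>"
    # for each entry that does not carry the nosuid option.
    awk '
    NF >= 6 && $2 == "on" && $(NF-2) == "type" {
        opts = $NF
        gsub(/[()]/, "", opts)
        n = split(opts, o, ",")
        found = 0
        # Compare whole tokens so "suid" is not mistaken for "nosuid".
        for (i = 1; i <= n; i++) if (o[i] == "nosuid") found = 1
        if (!found) {
            # Rejoin fields so mount points containing spaces stay intact.
            mp = $3
            for (i = 4; i <= NF - 3; i++) mp = mp " " $i
            print mp, $(NF-1)
        }
    }'
}

sample_mounts() {
    # First five lines are the mounts listed in the post; the /home line
    # is constructed to show an entry that already has nosuid.
    cat <<'EOF'
none on /sys type sysfs (rw)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/sda1 on /boot type ext3 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/sda3 on /home type ext3 (rw,nosuid)
EOF
}

# Run against the sample; on a live system use:  mount | missing_nosuid
sample_mounts | missing_nosuid
```

An empty result from `mount | missing_nosuid` means every mounted filesystem carries nosuid.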