Package: fsprotect Version: 1.0.4 Severity: grave Tags: security fsprotect mounts an aufs filesystem composed of: 1. a tmpfs 2. the original underlying file system
The union filesystem should initially be identical to the original underlying filesystem and diverge slowly as changes are made. But the root directory of the new union filesystem always has mode 1777 (rwxrwxrwt) instead. This is because new tmpfs filesystems use that mode for their root directory by default. This is particularily alarming when fsprotect is used on the root filesystem because / comes up like this at every boot! $ ls -ld / drwxrwxrwt 7 root root 160 2009-12-18 21:40 . The solution should be to inherit the mode of the tmpfs root directory from the mode of the original underlying filesystem's root directory, using the "mode" mount option for tmpfs. (It might be advisible to inherit the uid & gid too.) -Phil -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
