On Wed, 5 Jan 2022 at 15:24, Rui Salvaterra wrote:
>
> /dev is writeable. Allowing execution inside it makes it a possible attack
Bah. I just noticed a typo in the commit message. I also have a
/dev/pts mount cleanup queued, so I'll resend as a series of two
patches.
/dev is writeable. Allowing execution inside it makes it a possible attack
vector. Kees Cook recently sent a kernel patch [1] in order to mount /dev as
noexec and nosuid for systems which rely on CONFIG_DEVTMPFS_MOUNT=y to
create/populate /dev, which isn't our case (it's procd's responsibility).
A
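A defender-side check for the mount options the commit message is about, added here as an example and not part of this thread or of procd: it parses text in `/proc/mounts` format and reports whether a mount point (here `/dev` and the `/dev/pts` mount Rui mentions) carries both `noexec` and `nosuid`. The two mount tables are constructed samples, not captures from a real system.

```shell
#!/bin/sh
# Added example (not from the thread or from procd): verify that /dev is
# mounted with the noexec and nosuid options discussed in the commit message.

# Constructed sample mount tables in /proc/mounts format; not real captures.
HARDENED_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,noexec,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600,ptmxmode=000 0 0'

WEAK_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev tmpfs rw,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=000 0 0'

# Print the option field (4th column) of the entry for mount point $2 in the
# mount table passed as $1. Prints nothing if there is no such entry.
mount_options() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# Succeed if the comma-separated option list $1 contains option $2 exactly
# (the surrounding commas stop "noexec" from matching e.g. "nonoexec").
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only when mount point $2 in table $1 has both noexec and nosuid.
# An absent mount point is reported as not hardened.
mount_is_hardened() {
    opts=$(mount_options "$1" "$2")
    if [ -z "$opts" ]; then
        return 1
    fi
    if has_option "$opts" noexec && has_option "$opts" nosuid; then
        return 0
    fi
    return 1
}

# Audit the running system's own mount table for the two mount points.
audit_live() {
    for mp in /dev /dev/pts; do
        if mount_is_hardened "$(cat /proc/mounts)" "$mp"; then
            echo "$mp: noexec,nosuid"
        else
            echo "$mp: missing noexec and/or nosuid"
        fi
    done
}

# Run the live audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--live" ]; then
    audit_live
fi
```

Run it as `sh check_dev.sh --live` on a target to audit the live `/proc/mounts`; the functions work on any mount table text, so the same check can be applied to a captured `/proc/mounts` from another system.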