units: add nosuid and nodev options to tmp.mount (#3575)

This makes privilege escalation attacks harder by putting traps and exploits into /tmp. https://bugs.debian.org/826377
2016-06-22 12:32:59 +02:00 · 2016-06-22 12:32:59 +02:00 · 2f9df7c96a
parent e382c49f1d
commit 2f9df7c96a
1 changed files with 1 additions and 1 deletions
--- a/units/tmp.mount.m4
+++ b/units/tmp.mount.m4
@ -19,4 +19,4 @@ After=swap.target
 What=tmpfs
 Where=/tmp
 Type=tmpfs
-Options=mode=1777,strictatime
+Options=mode=1777,strictatime,nosuid,nodev