units: add nosuid and nodev options to tmp.mount (#3575)
This makes privilege escalation attacks harder by putting traps and exploits into /tmp. https://bugs.debian.org/826377
This commit is contained in:
parent
e382c49f1d
commit
2f9df7c96a
|
@ -19,4 +19,4 @@ After=swap.target
|
||||||
What=tmpfs
|
What=tmpfs
|
||||||
Where=/tmp
|
Where=/tmp
|
||||||
Type=tmpfs
|
Type=tmpfs
|
||||||
Options=mode=1777,strictatime
|
Options=mode=1777,strictatime,nosuid,nodev
|
||||||
|
|
Loading…
Reference in a new issue