default SUID for umount (un-mount) may be incorrect #284

the-moog · 2024-12-06T01:33:49Z

As it is required for systemd --user mount units, I think the default configuration for permission hardening of
umount should be in the same file as mount in the file /etc/permission-hardener.d/25_default_whitelist_mount.conf.

It's bugged me for ages why network mounts can't restart. Just realised why.

Also (not sure what it's supposed to be) but in the same file, I see mode 745 on mount which means group members can't execute it but anybody else can. Surely it should be 755 or 744? I assume this is as shipped as I've never changed it?

The text was updated successfully, but these errors were encountered:

adrelanos · 2024-12-06T14:46:06Z

Ok, seems logical to treat mount and umount the same way.

, I see mode 745 on mount which means group members can't execute it but anybody else can.

Everyone includes group members. Therefore very minor issue.

Surely it should be 755 or 744?

755 seems good.

#284

adrelanos · 2024-12-06T14:51:21Z

See #285

adrelanos added a commit that referenced this issue Dec 6, 2024

permission hardener mount chmod change from 745 to 755

93b5181

#284

adrelanos mentioned this issue Dec 6, 2024

Permission Hardener: treat mount same as umount #285

Merged

4 tasks

adrelanos closed this as completed in #285 Dec 14, 2024

adrelanos closed this as completed in 5b88e92 Dec 14, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

default SUID for umount (un-mount) may be incorrect #284

default SUID for umount (un-mount) may be incorrect #284

the-moog commented Dec 6, 2024

adrelanos commented Dec 6, 2024

adrelanos commented Dec 6, 2024

default SUID for umount (un-mount) may be incorrect #284

default SUID for umount (un-mount) may be incorrect #284

Comments

the-moog commented Dec 6, 2024

adrelanos commented Dec 6, 2024

adrelanos commented Dec 6, 2024