units: add nosuid and nodev options to tmp.mount (#3575)

This makes privilege escalation attacks harder by putting traps and exploits into /tmp. https://bugs.debian.org/826377
author: Martin Pitt <martin.pitt@ubuntu.com> 2016-06-22 12:32:59 +0200
committer: Lennart Poettering <lennart@poettering.net> 2016-06-22 12:32:59 +0200
commit: 2f9df7c96a25adb42093ee3ee201577f3e01da42 (patch)
tree: c8388097e3ef6a517d793674a45a65fa3fcf6f55
parent: e382c49f1dfe172cc14651fd0908da6ebf12ef53 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/units/tmp.mount.m4 b/units/tmp.mount.m4
index 1448bd268a..0baecfd22f 100644
--- a/units/tmp.mount.m4
+++ b/units/tmp.mount.m4
@@ -19,4 +19,4 @@ After=swap.target
 What=tmpfs
 Where=/tmp
 Type=tmpfs
-Options=mode=1777,strictatime
+Options=mode=1777,strictatime,nosuid,nodev
author	Martin Pitt <martin.pitt@ubuntu.com>	2016-06-22 12:32:59 +0200
committer	Lennart Poettering <lennart@poettering.net>	2016-06-22 12:32:59 +0200
commit	2f9df7c96a25adb42093ee3ee201577f3e01da42 (patch)
tree	c8388097e3ef6a517d793674a45a65fa3fcf6f55
parent	e382c49f1dfe172cc14651fd0908da6ebf12ef53 (diff)