Closed Bug 761265 Opened 12 years ago Closed 12 years ago

Default mount hardening

Categories

(Firefox OS Graveyard :: General, defect)

x86_64
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: kang, Unassigned)

Details

Default mounts should be tighter, especially since we do not need permissions as wide (or as many mounts) as Android requires. (Note: these mount options are not currently required for the recovery mode; defaults are fine.)

This reduces the attack surface at the file system level.

The proposed minimum mounts and their options are documented at https://wiki.mozilla.org/B2G/Architecture/Runtime_Security#OS_Hardening

Additional options may be present, such as "relatime, barrier=1, data=ordered", etc., but there should be no fewer options.
Additional mounts that are not in use should be removed, such as:

/mnt/sdcard/.android_secure
/sys/kernel/debug
/mnt/secure/asec
/mnt/asec
/mnt/obb

Most mounts are performed in /init*rc. /system has to be mounted rw, then remounted ro (already performed by Android scripts). It is acceptable to have all the mounts "fixed up" in /init.rc or /init.b2g.rc as well.


I have tested this setup with the current B2G build from source, on my Nexus S. Please let me know if there is any concern with these options or mounts.

Thanks!
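An added example, not part of the original report or of the B2G code: a Python check that reads `/proc/mounts`-formatted text, flags any of the mounts listed for removal above, and reports baseline mounts that carry fewer options than required while allowing extra ones. The baseline entries, device names and sample mount table are constructed for illustration; only `/system` being `ro` comes from the report, and the authoritative list is the wiki page it links.

```python
"""Audit /proc/mounts text against a hardening baseline (added example)."""

# Mount points the report lists for removal when not in use.
UNWANTED = {
    "/mnt/sdcard/.android_secure",
    "/sys/kernel/debug",
    "/mnt/secure/asec",
    "/mnt/asec",
    "/mnt/obb",
}

# Constructed baseline, NOT the wiki's table. "/system ro" is from the report;
# the "/data" options are an assumption for illustration.
BASELINE = {"/system": {"ro"}, "/data": {"nosuid", "nodev"}}

# Constructed sample of /proc/mounts output (device names are made up).
SAMPLE = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/sys0 /system ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/block/data0 /data ext4 rw,nosuid,nodev,noatime,barrier=1 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
"""

def parse_mounts(text):
    """Return {mount_point: set_of_options}; a later line overrides an earlier one."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        point = fields[1].replace("\\040", " ")  # kernel escapes spaces as \040
        mounts[point] = set(fields[3].split(","))
    return mounts

def audit(text, baseline=BASELINE, unwanted=UNWANTED):
    """Return a list of (mount_point, problem) tuples; empty means compliant."""
    mounts = parse_mounts(text)
    findings = [(p, "unwanted mount present")
                for p in sorted(unwanted.intersection(mounts))]
    for point, required in sorted(baseline.items()):
        if point not in mounts:
            findings.append((point, "expected mount missing"))
            continue
        missing = required - mounts[point]  # extra options are acceptable
        if missing:
            findings.append((point, "missing options: " + ",".join(sorted(missing))))
    return findings

if __name__ == "__main__":
    for point, problem in audit(SAMPLE):
        print(point, problem)
```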
Guillaume,

Since this is not part of gecko, please file these bugs as github issues.

thanks!
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Resolution: WONTFIX → INVALID