Subject: Re: usermount semantics changed... Why?
To: Martin Husemann <martin@duskware.de>
From: Eric Haszlakiewicz <erh@nimenees.com>
List: current-users
Date: 06/10/2007 12:22:22

On Sun, Jun 10, 2007 at 06:56:45PM +0200, Martin Husemann wrote:
> On Sun, Jun 10, 2007 at 11:39:17AM -0500, Peter Seebach wrote:
> > On my system, at least, it's not that they're the default -- it's that
> > they're *not* the default, but without them, mount fails with EPERM.
>
> Yes, I think this has been discussed quite some time ago on tech-kern.

You're talking about the "mount(2) on kauth(9)" conversation, around
the beginning of January, right?

Looking at what changed there, I see that the previous code did this:
- * For non-root users, silently enforce MNT_NOSUID and MNT_NODEV.
- */
- if (kauth_cred_geteuid(l->l_cred) != 0) {
- flags |= MNT_NOSUID | MNT_NODEV;
- }
Which clearly doesn't include noexec. Or does that get enforced somewhere
else?

eric