Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: None <bouyer@antioche.lip6.fr>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: tech-kern
Date: 03/11/1999 11:13:11
On Thu, 11 Mar 1999 16:52:50 +0100 (MET)
Manuel Bouyer <bouyer@antioche.lip6.fr> wrote:
> >Description:
> It is possible for a normal user to bypass the 'noexec' mount flag,
> by using a null mount on a directory owned by itself.
YOW!
> >Fix:
> Workaround: assure no regular user can execute a binary in a partition
> they can write (what's the purpose of 'noexec' otherwise?), and
> suppress read/execute permissions on /sbin/mount_* for all but owner.
nullfs mounts (and any other `stacked' types... HI WRSTUDEN! :-) should
inherit `noexec', `nosuid', etc. attributes from the bottom layer. If
those attributes are changed, the stacked mount should notice.
> A long term fix needs to change the semantic of mount for non-root
> users:
> - mounts for non-root users are always 'noexec' (as they already are
> 'nodev, nosuid'), possibly dependent on the kernel security level
No, that's lame... I might, for example, have shell scripts on the floppy
that I mount in my laptop (and ttyaction chowns the floppy drive to me
when I log in).
> - or inherit the noexec flag from the partition the target directory
> will be mounted on.
...yes :-) And `nosuid' and `nodev', etc. :-)
-- Jason R. Thorpe <thorpej@nas.nasa.gov>
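
Added illustration, not part of the original message and not NetBSD kernel code: a small user-space C model of the inheritance rule proposed above, where a stacked (null-style) mount takes `noexec`, `nosuid` and `nodev` from every layer beneath it and notices later changes to those layers. The struct, function names and flag values are hypothetical and constructed for this sketch.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed flag values for this model; not the kernel's MNT_* constants. */
#define M_NOEXEC 0x1u
#define M_NOSUID 0x2u
#define M_NODEV  0x4u
#define M_RESTRICTIVE (M_NOEXEC | M_NOSUID | M_NODEV)

/* Hypothetical model of a mount; `lower` is the layer a stacked mount
 * sits on, or NULL for a bottom-layer filesystem. */
struct model_mount {
    const char *path;
    unsigned flags;                  /* flags requested at mount time */
    const struct model_mount *lower;
};

/* Effective flags = this mount's restrictive flags plus every restrictive
 * flag found on any layer below. Computed at check time, so a later change
 * to a lower layer's flags is noticed without touching the stacked mount. */
unsigned effective_flags(const struct model_mount *m)
{
    unsigned f = 0;
    for (; m != NULL; m = m->lower)
        f |= m->flags & M_RESTRICTIVE;
    return f;
}

/* Exec check as it would be consulted before running a binary. */
int exec_allowed(const struct model_mount *m)
{
    return (effective_flags(m) & M_NOEXEC) == 0;
}

int main(void)
{
    /* Constructed sample: a noexec partition with a user's stacked mount. */
    struct model_mount home = { "/home", M_NOEXEC | M_NOSUID, NULL };
    struct model_mount null1 = { "/home/u/mnt", M_NOSUID | M_NODEV, &home };
    printf("%s exec allowed: %d\n", null1.path, exec_allowed(&null1));
    home.flags &= ~M_NOEXEC;   /* lower layer remounted with exec enabled */
    printf("%s exec allowed: %d\n", null1.path, exec_allowed(&null1));
    return 0;
}
```

Because the flags are resolved by walking the stack rather than copied once at mount time, stacking a mount on top of another stacked mount cannot drop a restriction either.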