Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: Jason Thorpe <email@example.com>
From: Manuel Bouyer <firstname.lastname@example.org>
Date: 03/11/1999 20:29:39
On Mar 11, Jason Thorpe wrote
> nullfs mounts (and any other `stacked' types... HI WRSTUDEN! :-) should
> inherit `noexec', `nosuid', etc. attributes from the bottom layer. If
> those attributes are changed, the stacked mount should notice.
I'm not sure everybody would want this. I actually use nullfs to gain
privileges: on my server my home partition is mounted 'noexec'. I
occasionally use nullfs to mount a portion of the tree I have on this partition
so that I can compile a package that need execution rigths.
Of course I do the mount as root.
> > A long term fix needs to change the semantic of mount for non-root
> > users:
> > - mounts for non-root users are always 'noexec' (as they already are
> > 'nodev, nosuid'), possibly dependant on the kernel security level
> No, that's lame... I might, for example, have shell scripts on the floppy
> that I mount in my laptop (and ttyaction chowns the floppy drive to me
> when I log in).
Actually, it was agreed that this was not the rigth solution.
At securelevel 2 new mounts are disabled anyway.
> > - or inherit the noexec flag from the partition the target directory
> > will be mounted on.
> ...yes :-) And `nosuid' and `nodev', etc. :-)
nosuid and nodev are already forced for user mounts.
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr