Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: Jason Thorpe <>
From: Manuel Bouyer <>
List: tech-kern
Date: 03/11/1999 20:29:39
On Mar 11, Jason Thorpe wrote
> nullfs mounts (and any other `stacked' types... HI WRSTUDEN! :-) should
> inherit `noexec', `nosuid', etc. attributes from the bottom layer.  If
> those attributes are changed, the stacked mount should notice.

I'm not sure everybody would want this. I actually use nullfs to gain
privileges: on my server my home partition is mounted 'noexec'. I
occasionally use nullfs to mount a portion of the tree I have on this partition
so that I can compile a package that need execution rigths.
Of course I do the mount as root.

>  > 	A long term fix needs to change the semantic of mount for non-root
>  > 	users: 
>  > 	- mounts for non-root users are always 'noexec' (as they already are
>  > 	  'nodev, nosuid'), possibly dependant on the kernel security level
> No, that's lame... I might, for example, have shell scripts on the floppy
> that I mount in my laptop (and ttyaction chowns the floppy drive to me
> when I log in).

Actually, it was agreed that this was not the rigth solution.
At securelevel 2 new mounts are disabled anyway.

>  > 	- or inherit the noexec flag from the partition the target directory
>  > 	  will be mounted on.
> ...yes :-)  And `nosuid' and `nodev', etc. :-)

nosuid and nodev are already forced for user mounts.

Manuel Bouyer, LIP6, Universite Paris VI.