Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: Bill Sommerfeld <email@example.com>
From: Bill Studenmund <firstname.lastname@example.org>
Date: 03/11/1999 15:28:30
On Thu, 11 Mar 1999, Bill Sommerfeld wrote:
> Here's the interface I think makes sense for fixing this:
> .. returns the ored-together mount flags of the filesystem vp and any
> filesystems vp is stacked on..
> implementation for "leaf" filesystems just looks in the vfs structure.
> mount_null, etc., or's its bits together with the one of the
> underlying vnode..
I think it would be simpler to just add the smarts into the mount
commands. If each one along the way starts with the underlying fs's flags,
adds ones it considers important, and only lets root delete flags, then we
should be fine.
The concern I have with this proposal is that I think root should be able
to do whatever root deems appropriate. By enforcing the or'ing, root