Subject: Re: normal user can bypass mount 'noexec' flags
To: Wolfgang Solfrank <email@example.com>
From: Manuel Bouyer <firstname.lastname@example.org>
Date: 03/11/1999 17:52:17
On Mar 11, Wolfgang Solfrank wrote
> Another option (more obvious to me at least) would be to inherit the noexec
> attribute from the source. One disadvantage I can see with this is that
> the code for it would have to be in all the various loopback mounts (nullfs,
> unionfs, ...) and cannot be placed in the filesystem independent code
> before calling the fs-specific mount.
Another disavantage is that this doesn't work for mount_ffs, mount_msdos, ...
If the target directory is owned by the user and files in it can be executed,
then mount_null doesn't allow more things than it should.
Manuel Bouyer, LIP6, Universite Paris VI. Manuel.Bouyer@lip6.fr