Subject: Re: normal user can bypass mount 'noexec' flags
To: Manuel Bouyer <>
From: Jason Thorpe <>
List: tech-security
Date: 03/11/1999 11:19:09
On Thu, 11 Mar 1999 17:12:55 +0100 
 Manuel Bouyer <> wrote:

 > 2- user mounts inherit the noexec flag from the target directory's partition.
 >    The mount has to be done on a directory owned by this user, which means
 >    he can write to this partition. If he can execute a file copied to this
 >    partition as well, they're no security compromise by allowing it to
 >    execute a binary on the partition he mounted (unless I missed something).
 > 1- will work, for sure. I think 2 should work too, and it is what I will
 > try to implement.
 > Does someone see if I missed something ?

See my response the the PR (on tech-kern).  It should not be limited to
"users".  Stacked mounts (nullfs, and the dmfs that Bill Studenmund is
working on) should inherit all appropriate mount flags from the bottom
layer -- dynamically.  I.e. if I do a MNT_UPDATE on the bottom layer, the
top (stacked) layer should have its flags updated to match.

        -- Jason R. Thorpe <>