Subject: Re: normal user can bypass mount 'noexec' flags
To: None <>
From: John Kohl <>
List: tech-security
Date: 03/11/1999 17:12:36
>>>>> "JT" == Jason Thorpe <> writes:

JT> See my response the the PR (on tech-kern).  It should not be limited to
JT> "users".  Stacked mounts (nullfs, and the dmfs that Bill Studenmund is
JT> working on) should inherit all appropriate mount flags from the bottom
JT> layer -- dynamically.  I.e. if I do a MNT_UPDATE on the bottom layer, the
JT> top (stacked) layer should have its flags updated to match.

Well, you probably want to (in the case of nullfs) consider the flags
both on the mounted-from directory and mounted-on-top-of directory, I
think...  if I could copy a binary to a directory, but couldn't execute
it from there, why should mounting atop it give me execute rights?
Perhaps by doing this I can launch a trojan attack somehow...

==John Kohl <>, <>
Write a poem, share your heart!
Home page: <>
Note new home zip code as of July 1, 1998: 02476