Subject: Re: normal user can bypass mount 'noexec' flags
To: None <tech-security@netbsd.org>
From: Erik E. Fair <fair@clock.org>
List: tech-security
Date: 03/11/1999 11:48:34

Two questions:

1. What is 'noexec' usually used to prevent?

2. If a user can bypass 'noexec', what does this enable that is a problem
from a security perspective?


The two answers that come to me for #1 are:

prevent execution of binaries from another architecture on an NFS server.

prevent execution of binaries from removable media.


For that second scenario, there exists a serious problem of setuid binaries
that were not installed by the system administrator which might do
anything. However, this problem has been with UNIX for a very long time,
and no responsible system administrator allows J-Random users to mount
external media for exactly that reason.

This is not to say that we shouldn't fix this. Quite the contrary. I'm just
trying to understand the nature of the exposure better.

	Erik <fair@clock.org>