tech-security: Re: normal user can bypass mount 'noexec' flags

Subject: Re: normal user can bypass mount 'noexec' flags
To: None <tech-security@netbsd.org>
From: Guenther Grau <Guenther.Grau@bk.bosch.de>
List: tech-security
Date: 03/11/1999 21:18:18

"Erik E. Fair" wrote:
> 
> Two questions:
> 
> 1. What is 'noexec' usually used to prevent?
> 
> 2. If a user can bypass 'noexec', what does this enable that is a problem
> from a security perspective?
> 
> The two answers that come to me for #1 are:
> 
> prevent execution of binaries from another architecture on an NFS server.
> 
> prevent execution of binaries from removable media.
> 
> For that second scenario, there exists a serious problem of setuid binaries

setuid binaries are taken care of by nosuid, which will be enfored when
J-Random user does a mount.

noexec means that you don't want someone to execute a binary at all.
This is useful in case you don't wan't _ANY_ uncontrolled binaries
on your system by J-Random. This is to improve security.

  Guenther