
Re: mount --bind and -o [re: nosuid/noexec/nodev handling]



On Mon, Oct 15, 2001 at 09:53:24AM +0300, Ville Herva wrote:
> > On Mon, 15 Oct 2001, Bernd Eckenfels wrote:
> > 
> > > In article <20011014185908.P1074@niksula.cs.hut.fi> you wrote:
> > > >> mount --bind /home/luser /home/luser
> > > >> mount -o remount,noexec /home/luser
> > > 
> > > That's nice! For example on Debian GNU/Linux one can mount /var with noexec
> 
> Yes, it is very useful, and I keep finding new uses for it all the time.
> 
> Sadly, userspace support for it is not perfect; for example cp/rsync
> --one-filesystem does not see --bind mount point as a filesystem boundary.

What exactly does this accomplish? Looks like it suffers from the
normal uselessness of noexec for anything other than trivial sanity
checks (i.e.: you can just execute the interpreter and pass the name of
the +x file to it).

nosuid and nodev are another matter.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :                         | Dept. of Computing,
 `. `'                          | Imperial College,
   `-    http://www.debian.org/ | London, UK
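
Added example, not part of the thread: a small audit of per-mount flags on a current Linux kernel, reading the /proc/self/mountinfo format. It reports which of nosuid/nodev/noexec each mount lacks, and which other mounts share its device number (the value stat() returns as st_dev), which is why a tool that detects filesystem boundaries by comparing st_dev does not see a --bind mount as one. The sample lines, device numbers and function names are constructed for illustration.

```python
import os

# Constructed sample in /proc/self/mountinfo format (not taken from the thread).
# The third line is what "mount --bind /home/luser /home/luser" followed by
# "mount -o remount,nosuid,noexec /home/luser" would look like.
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
30 21 8:3 / /home rw,relatime - ext4 /dev/sda3 rw
45 30 8:3 /luser /home/luser rw,nosuid,noexec,relatime shared:12 - ext4 /dev/sda3 rw
31 21 8:4 / /var rw,nodev,relatime - ext4 /dev/sda4 rw
"""
HARDENING = ("nosuid", "nodev", "noexec")

def parse_mountinfo(text):
    """Return one dict per mount; optional fields before ' - ' are ignored."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, _, right = line.partition(" - ")
        f = left.split()  # id, parent, major:minor, root, mountpoint, options
        mounts.append({
            "id": f[0], "dev": f[2], "root": f[3], "mountpoint": f[4],
            "options": set(f[5].split(",")), "fstype": right.split()[0],
        })
    return mounts

def audit(mounts):
    """Per mount: missing hardening flags and other mounts of the same device."""
    report = []
    for m in mounts:
        peers = [x["mountpoint"] for x in mounts
                 if x["dev"] == m["dev"] and x["id"] != m["id"]]
        report.append({
            "mountpoint": m["mountpoint"],
            "missing": [o for o in HARDENING if o not in m["options"]],
            "same_device_as": peers,        # no st_dev change at this boundary
            "subtree_bind": m["root"] != "/",  # bind of a directory below the fs root
        })
    return report

if __name__ == "__main__":
    path = "/proc/self/mountinfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE_MOUNTINFO
    for e in audit(parse_mountinfo(text)):
        print(e["mountpoint"], "missing:", ",".join(e["missing"]) or "-",
              "| same device as:", ",".join(e["same_device_as"]) or "-")
```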


