Re: mount --bind and -o [re: nosuid/noexec/nodev handling]
On Mon, Oct 15, 2001 at 09:53:24AM +0300, Ville Herva wrote:
> > On Mon, 15 Oct 2001, Bernd Eckenfels wrote:
> >
> > > In article <20011014185908.P1074@niksula.cs.hut.fi> you wrote:
> > > >> mount --bind /home/luser /home/luser
> > > >> mount -o remount,noexec /home/luser
> > >
> > > That's nice! For example on Debian GNU/Linux one can mount /var with noexec
>
> Yes, it is very useful, and I keep finding new uses for it all the time.
>
> Sadly, userspace support for it is not perfect; for example cp/rsync
> --one-filesystem does not see --bind mount point as a filesystem boundary.
What exactly does this accomplish? Looks like it suffers from the
normal uselessness of noexec for anything other than trivial sanity
checks (ie: you can just execute the interpreter and pass the name of
the +x file to it).
nosuid and nodev are another matter.
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : | Dept. of Computing,
`. `' | Imperial College,
`- http://www.debian.org/ | London, UK
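
Added example, not part of the original messages: a small auditor for `/proc/self/mountinfo` that lists which mounts lack nosuid/nodev/noexec and which devices appear at more than one mount point. A bind mount keeps the device number of the filesystem it came from, so a tool that detects filesystem boundaries by device number sees none, even though the per-mount flags differ. The sample lines, device numbers and paths are constructed for illustration.

```python
from collections import defaultdict

# Constructed /proc/self/mountinfo lines (not taken from the thread): /home is
# device 8:3, and /home/luser is a bind mount of its /luser subtree with noexec.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
30 22 8:3 / /home rw,nosuid,nodev shared:1 - ext4 /dev/sda3 rw
41 30 8:3 /luser /home/luser rw,nosuid,nodev,noexec shared:1 - ext4 /dev/sda3 rw
35 22 8:2 / /var rw,nosuid,nodev,noexec - ext4 /dev/sda2 rw
"""

HARDENING_FLAGS = ("nosuid", "nodev", "noexec")


def parse_mountinfo(text):
    """Return one dict per mount: device, root within the fs, mount point, options."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields[6:]:
            continue  # malformed or truncated line
        sep = fields.index("-", 6)  # optional fields end at the lone "-"
        mounts.append({
            "dev": fields[2],                      # major:minor, i.e. st_dev
            "root": fields[3],                     # subtree exposed by this mount
            "mountpoint": fields[4],
            "options": set(fields[5].split(",")),  # per-mount flags
            "fstype": fields[sep + 1],
        })
    return mounts


def shared_devices(mounts):
    """Devices visible at more than one mount point (bind mounts show up here)."""
    by_dev = defaultdict(list)
    for m in mounts:
        by_dev[m["dev"]].append(m["mountpoint"])
    return {dev: sorted(mps) for dev, mps in by_dev.items() if len(mps) > 1}


def missing_flags(mounts, wanted=HARDENING_FLAGS):
    """Map each mount point to the hardening flags it lacks."""
    return {m["mountpoint"]: [f for f in wanted if f not in m["options"]]
            for m in mounts}


if __name__ == "__main__":
    mounts = parse_mountinfo(SAMPLE_MOUNTINFO)
    print(shared_devices(mounts))
    for mp, missing in missing_flags(mounts).items():
        print(mp, "missing:", ",".join(missing) or "-")
```

To audit a live system, pass the contents of `/proc/self/mountinfo` to `parse_mountinfo` instead of the sample string.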