[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mounting /tmp noexec

> > > noexec has no good purpose, really.  But it's intention was for
> > > networked filesystems in certain environments, not a generalized
> > > security tool.
> > 
> > It's very useful for mounting filesystems like vfat, where otherwise
> > all the files are marked executable which makes mc a PITA to use for
> > examining archive files (mc tries to execute them!).
> Ah, interesting. ;)  Of course, that isn't a security related reason.

It's just wrong.

If you will mount filesystem with noexec option (try!) files may have
'x' permission. And they can *look* executable (e.g. on vfat partition
you will see all files 'executable', as usual).  The only difference is
that if you will try to execute such file you will get 'permission
denied' error message. But mc will try to execute every file :)

[terrapin] 08:46:52 ~$ sudo mount -o remount,noexec /tmp 
[terrapin] 08:47:11 ~$ touch /tmp/a
[terrapin] 08:47:14 ~$ chmod +x /tmp/a
[terrapin] 08:47:17 ~$ ls -l /tmp/a
-rwxr-xr-x    1 alexey   alexey          0 ñÎ×  3 08:47 /tmp/a
[terrapin] 08:47:21 ~$ /tmp/a
bash: /tmp/a: Permission denied
[terrapin] 08:47:25 ~$ 


"Python is executable pseudocode, Perl is executable line-noise."

Reply to: