Date: Mon, 3 Jun 2013 23:24:38 +0200
From: Eitan Adler <eadler@freebsd.org>
To: Chris Rees <utisoft@gmail.com>
Cc: svn-doc-head@freebsd.org, Tom Rhodes <trhodes@freebsd.org>, svn-doc-all@freebsd.org, doc-committers@freebsd.org
Subject: Re: svn commit: r41813 - head/en_US.ISO8859-1/books/handbook/basics
Message-ID: <CAF6rxgnY2=egW4eWd_1s8h_Bctr7XztxxY8tpLZCu1JXvh71uw@mail.gmail.com>
In-Reply-To: <CADLo839J4617BexxpvZ_1fH6sM4zg5pdSYkLe51j9dET8bKY=w@mail.gmail.com>
References: <201306011544.r51FijdA036793@svn.freebsd.org> <20130603075528.31629010.trhodes@FreeBSD.org> <CAF6rxg=45Rz2spT5JWq8fHWx0T1EOFJ4dxNx5PimB%2BJyQE%2BwQw@mail.gmail.com> <CADLo839J4617BexxpvZ_1fH6sM4zg5pdSYkLe51j9dET8bKY=w@mail.gmail.com>
On 3 June 2013 16:24, Chris Rees <utisoft@gmail.com> wrote:
>
> On 3 Jun 2013 13:50, "Eitan Adler" <eadler@freebsd.org> wrote:
>>
>> On 3 June 2013 13:55, Tom Rhodes <trhodes@freebsd.org> wrote:
>> > On Sat, 1 Jun 2013 15:44:45 +0000 (UTC)
>> > Eitan Adler <eadler@FreeBSD.org> wrote:
>> >
>> >> Author: eadler
>> >> Date: Sat Jun 1 15:44:45 2013
>> >> New Revision: 41813
>> >> URL: http://svnweb.freebsd.org/changeset/doc/41813
>> >>
>> >> Log:
>> >> The man page for mount(1) and the handbook disagree on the security
>> >> value of 'noexec'. The man page is correct.
>> >>
>> >> Modified:
>> >> head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
>> >>
>> >> Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
>> >>
>> >> ============================================================================== >> >> --- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Sat Jun >> >> 1 15:37:57 2013 (r41812) >> >> +++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Sat Jun >> >> 1 15:44:45 2013 (r41813)
>> >> @@ -1790,15 +1790,6 @@ root 5211 0.0 0.2 3620 1724 2 >> >> >> >> <variablelist> >> >> <varlistentry> >> >> - <term>noexec</term> >> >> - >> >> - <listitem> >> >> - <para>Do not allow execution of binaries on this file >> >> - system. This is also a useful security option.</para> >> >> - </listitem> >> >> - </varlistentry> >> >> - >> >> - <varlistentry> >> >> <term>nosuid</term> >> >> >> >> <listitem>
>> >
>> > Why not fix rather than remove?
>>
>> This is not really a 'common' mount option to use.
>
> I use it on /tmp all the time; isn't it a nice thing to explain?

It is useful to avoid mistakes as the man page says ' This option is
useful for a server that has file systems containing binaries for
architectures other than its own.'

I think explaining noatime is more important than explaining noexec.

That said, this is a bikeshed argument. Please feel free to add a
proper explanation of when noexec should be used. I will have no
objection to that.

-- 
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams
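Review bot: The removed noexec <varlistentry> takes out the whole entry, although only its second sentence, "This is also a useful security option.", carries the security claim that the log says disagrees with the man page. Consider keeping the <term>noexec</term> entry with its first sentence and replacing the security claim with the man page wording quoted in this thread ("This option is useful for a server that has file systems containing binaries for architectures other than its own."), so the handbook's list of mount options still documents noexec.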