Date:      Sun, 22 Sep 2013 21:29:20 +0200
From:      Mateusz Guzik <mjguzik@gmail.com>
To:        Ian Lepore <ian@FreeBSD.org>
Cc:        Freebsd current <freebsd-current@FreeBSD.org>, Larry Rosenman <ler@lerctr.org>
Subject:   Re: exec on /usr/src?
Message-ID:  <20130922192920.GA7873@dft-labs.eu>
In-Reply-To: <1379864515.1197.102.camel@revolution.hippie.lan>
References:  <4fba59fe23c1e48e95548e377d8ff368@webmail.lerctr.org> <1379864515.1197.102.camel@revolution.hippie.lan>


On Sun, Sep 22, 2013 at 09:41:55AM -0600, Ian Lepore wrote:
> On Sun, 2013-09-22 at 09:37 -0500, Larry Rosenman wrote:
> > Is it intended that we need to set exec=on for /usr/src after the 
> > include/mk-osreldate.sh addition?
> > 
> > 
> 
> Are you saying you have /usr/src mounted with the noexec option and
> that's preventing the script from running?  The mount manpage says that
> you may still run scripts from a noexec mount, but maybe that's
> outdated.
> 

I'm pretty sure it tries to say that if there is a script on a
noexec fs, you still can run it just like you did in your patch.

While such a way to "bypass" noexec for scripts seems obvious, I guess
it makes sense to document it so that no one does 'sh/python/perl foo'
and claims a vulnerability was discovered (it would be impossible to
"fix" this anyway).

-- 
Mateusz Guzik <mjguzik gmail.com>

