From: Joe Marcus Clarke
To: Kris Moore
Cc: freebsd-gnome@freebsd.org
Subject: Re: Question about noexec flag in HAL
Date: Wed, 30 Apr 2008 01:01:48 -0400

On Tue, 2008-04-29 at 15:07 -0400, Kris Moore wrote:
> Hopefully just a quick question. In the past I've had to compile HAL
> with a patch to disable the noexec flag from being used when mounting
> CD's. The lines in question are below:
>
> tools/hal-storage-mount.c
> #ifdef __FreeBSD__
> #define MOUNT "/sbin/mount"
> -#define MOUNT_OPTIONS "noexec,nosuid"
> +#define MOUNT_OPTIONS "nosuid"
> #define MOUNT_TYPE_OPT "-t"
>
> This has been rather of a pain, since I don't want to keep making a
> custom patch to remove this flag. Is there some other easy way to remove
> the noexec flag from being used in CD mounting? I've tried by putting
> this in my /usr/local/etc/hal/fdi/policy/preferences.fdi file:
>
>
>
> type="bool">false
>
>
>
> However, it doesn't seem to make a difference :(
>
>
> Any other hints? Or am I stuck patching HAL itself?

For now, you'll have to patch hal. It's up to the application
requesting the FS mount to specify the mount options. However, the
hardcoded mount options cannot be overridden. I'm willing to entertain
the idea of dropping noexec as Linux does, but I'm not sure what the
overall security impact of that change might be.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc
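Review bot: in the quoted tools/hal-storage-mount.c hunk, the `MOUNT_OPTIONS` change removes `noexec` from the single hardcoded default inside the `#ifdef __FreeBSD__` block, and nothing in the visible lines ties that macro to a media type, so the change is broader than the CD case the request is about. I would keep `"noexec,nosuid"` as the default and drop `noexec` only when the caller or a policy setting asks for it on a given volume, which also addresses the point in the reply that the hardcoded options cannot be overridden. A short comment above the define saying why `nosuid` stays and when `noexec` may be lifted would help the next person who touches it.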