From owner-freebsd-gnome@FreeBSD.ORG Wed Apr 30 16:24:40 2008 Return-Path: Delivered-To: freebsd-gnome@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 633F1106566C for ; Wed, 30 Apr 2008 16:24:40 +0000 (UTC) (envelope-from mezz7@cox.net) Received: from eastrmmtao106.cox.net (eastrmmtao106.cox.net [68.230.240.48]) by mx1.freebsd.org (Postfix) with ESMTP id D55278FC12 for ; Wed, 30 Apr 2008 16:24:39 +0000 (UTC) (envelope-from mezz7@cox.net) Received: from eastrmimpo01.cox.net ([68.1.16.119]) by eastrmmtao106.cox.net (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP id <20080430162438.CFFE15722.eastrmmtao106.cox.net@eastrmimpo01.cox.net>; Wed, 30 Apr 2008 12:24:38 -0400 Received: from mezz.mezzweb.com ([24.255.149.218]) by eastrmimpo01.cox.net with bizsmtp id KsQe1Z0084iy4EG02sQeMX; Wed, 30 Apr 2008 12:24:38 -0400 Date: Wed, 30 Apr 2008 11:26:52 -0500 To: "Kris Moore" From: "Jeremy Messenger" Content-Type: text/plain; format=flowed; delsp=yes; charset=us-ascii MIME-Version: 1.0 References: <481771DD.7010007@pcbsd.com> <1209531708.85449.32.camel@shumai.marcuscom.com> <48189835.8030103@pcbsd.com> Content-Transfer-Encoding: 7bit Message-ID: In-Reply-To: <48189835.8030103@pcbsd.com> User-Agent: Opera Mail/9.27 (Linux) Cc: freebsd-gnome@freebsd.org Subject: Re: Question about noexec flag in HAL X-BeenThere: freebsd-gnome@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: GNOME for FreeBSD -- porting and maintaining List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Apr 2008 16:24:40 -0000 On Wed, 30 Apr 2008 11:03:01 -0500, Kris Moore wrote: > > Joe, > > Thanks for getting back to me on this. Is there any way we can drop this > flag by default? It messes with our PBI system, which are executables. > Currently users have to copy a PBI file from CD or USB to their desktop > before installing, when they should really be able to just double-click > and have it go. I don't believe their will be any security issues, in > past versions of HAL I've been taking this flag out, and we've not seen > any problems with doing so. I don't see any security issue either with PolicyKit. Also, whomever have access to mount stuff and can edit fdi file are already trushed. I only see an issue with multi-users, but it still doesn't make any sense anyway when admin wants it to be without noexec that should know there is no problem. It won't change the default in our ports unless someone add fdi file(s). Althought, only issue is in PC-BSD for being default rather than in our hal port. Cheers, Mezz > Thanks! -- mezz7@cox.net - mezz@FreeBSD.org FreeBSD GNOME Team http://www.FreeBSD.org/gnome/ - gnome@FreeBSD.org