Date:      Fri, 23 Sep 2005 15:03:47 -0700
From:      "randall s. ehren" <randall@ucsb.edu>
To:        markzero <mark@darklogik.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: mounting filesystems with "noexec"
Message-ID:  <43347BC3.7000308@ucsb.edu>
In-Reply-To: <20050923215556.GB72838@logik.internal.network>
References:  <F02FC593-8F19-40D4-B1E7-63B78F1E5300@sarenet.es>	<43332CD7.4070107@romab.com>	<726F1E71-D4D9-4C34-848D-868C1158834E@sarenet.es>	<43345736.3090602@gugol.ru> <20050923215556.GB72838@logik.internal.network>

> With all that has been said so far, what is the actual point of
> the noexec flag? 

it prevents executables from being executed on a specific partition.

for instance, you can mount /var with the noexec flag and if you then 
try to run any binaries (executables) from /var they simply will not 
execute.

root@server[~]% grep 'noexec' /etc/fstab
/dev/aacd0s1h  /var  ufs  rw,noexec,nosuid   2       2
root@server[~]% cp /usr/bin/top /var/top
root@server[~]% /var/./top
/var/./top: Permission denied.

  -randall

-- 
         :// randall s. ehren         :// voice 805.893.5632
         :// systems administrator    :// isber|survey|avss.ucsb.edu
         :// institute for social, behavioral, and economic research
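
An added example, not part of the original message: a POSIX sh function that reads fstab-format text on stdin and reports which of the listed mount points lack a given option such as noexec or nosuid. The function names and the sample table are constructed for illustration; only the /var line is taken from the message above.

```shell
#!/bin/sh
# audit_fstab OPTION MOUNTPOINT...
# Reads fstab-format text on stdin. For every listed mount point, prints
# "<mountpoint>: missing <option>" when the options field (column 4) lacks
# OPTION, and "<mountpoint>: no fstab entry" when it is not listed at all
# (it is then governed by the flags of the filesystem that contains it).
audit_fstab() {
    want=$1; shift
    awk -v want="$want" -v list="$*" '
        BEGIN {
            n = split(list, a, " ")
            for (i = 1; i <= n; i++) wanted[a[i]] = 1
        }
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        ($2 in wanted) {
            seen[$2] = 1
            m = split($4, opts, ",")            # options are comma-separated
            ok = 0
            for (i = 1; i <= m; i++) if (opts[i] == want) ok = 1
            if (!ok) print $2 ": missing " want
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(a[i] in seen)) print a[i] ": no fstab entry"
        }
    '
}

# Constructed sample table; the /var line is the one shown in the message,
# the other devices and entries are made up for the example.
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options            Dump  Pass#
/dev/aacd0s1a   /           ufs     rw                 1     1
/dev/aacd0s1h   /var        ufs     rw,noexec,nosuid   2     2
/dev/aacd0s1e   /tmp        ufs     rw,nosuid          2     2
EOF
}

# Check the sample; on a live system: audit_fstab noexec /var /tmp < /etc/fstab
sample_fstab | audit_fstab noexec /var /tmp /home
```

The check covers only what /etc/fstab declares; the flags actually in effect on a running system are the ones mount(8) reports.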


