Date: Sat, 24 Sep 2005 20:33:14 +0000 From: suporte@wahtec.com.br To: freebsd-security@freebsd.org Subject: Re: mounting filesystems with "noexec" Message-ID: <200509242033.15931.suporte@wahtec.com.br> In-Reply-To: <20050924120107.11A8416A424@hub.freebsd.org> References: <20050924120107.11A8416A424@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> > On 2005.09.23 22:55:56 +0100, markzero wrote: > > With all that has been said so far, what is the actual point of > > the noexec flag? > > > >From mount(8) (yes I like quoting the docs. when we have them ;);) ): > > =A0=A0=A0=A0=A0=A0=A0=A0This option is useful for a server that has file = systems > =A0=A0=A0=A0=A0=A0=A0=A0containing binaries for architectures other than = its own. Sorry Simon and others,=20 Where the least privilege principle gone? If there isn't any necessity to h= ave=20 normal or suid binaries on a partition, why enable it? Using it on a data-only partition with a chrooted application does not limi= t=20 any possible damage? Like file upload and execution using an application=20 security flaw could be stopped at some point.=20 Saying one can easily do privilege escalation (like ppl are saying) doesn't= =20 eliminate the need of file permissions and other access policies. Regards, =2D-aristeu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200509242033.15931.suporte>