Date: Sat, 24 Sep 2005 20:33:14 +0000
From: suporte@wahtec.com.br
To: freebsd-security@freebsd.org
Subject: Re: mounting filesystems with "noexec"
Message-ID: <200509242033.15931.suporte@wahtec.com.br>
In-Reply-To: <20050924120107.11A8416A424@hub.freebsd.org>
References: <20050924120107.11A8416A424@hub.freebsd.org>

> > On 2005.09.23 22:55:56 +0100, markzero wrote:
> > With all that has been said so far, what is the actual point of
> > the noexec flag?
> >
> >From mount(8) (yes I like quoting the docs. when we have them ;);) ):
>
> This option is useful for a server that has file systems
> containing binaries for architectures other than its own.

Sorry Simon and others,

Where has the least privilege principle gone? If there isn't any necessity to
have normal or suid binaries on a partition, why enable it?

Using it on a data-only partition with a chrooted application does not limit
any possible damage? Like file upload and execution using an application
security flaw could be stopped at some point.

Saying one can easily do privilege escalation (like ppl are saying) doesn't
eliminate the need of file permissions and other access policies.

Regards,
--aristeu

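Added example, not part of the original message: one way to check that partitions meant to hold only data are actually mounted with noexec and nosuid, by auditing fstab(5)-style entries. The sample table, the device names, the mount points and the DATA_ONLY list are constructed assumptions.

```python
# Added example: audit fstab(5)-style entries for data-only mount points
# that are missing noexec/nosuid. Sample table and paths are constructed.

REQUIRED = ("noexec", "nosuid")

# Constructed sample in FreeBSD fstab(5) layout.
SAMPLE_FSTAB = """\
# Device        Mountpoint      FStype  Options             Dump Pass#
/dev/ad0s1a     /               ufs     rw                  1    1
/dev/ad0s1b     none            swap    sw                  0    0
/dev/ad0s1d     /var            ufs     rw,nosuid           2    2
/dev/ad0s1e     /tmp            ufs     rw,noexec,nosuid    2    2
/dev/ad0s1f     /jail/www/data  ufs     rw                  2    2
"""

# Assumption: the admin declares which mount points hold data only.
DATA_ONLY = {"/tmp", "/var", "/jail/www/data"}


def parse_fstab(text):
    """Yield (mountpoint, fstype, options set) for each real entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than guess
        _, mountpoint, fstype, options = fields[:4]
        yield mountpoint, fstype, set(options.split(","))


def audit(text, data_only=DATA_ONLY, required=REQUIRED):
    """Return {mountpoint: [missing options]} for data-only filesystems."""
    findings = {}
    for mountpoint, fstype, options in parse_fstab(text):
        if fstype == "swap" or mountpoint not in data_only:
            continue
        missing = [opt for opt in required if opt not in options]
        if missing:
            findings[mountpoint] = missing
    return findings


if __name__ == "__main__":
    for mp, missing in sorted(audit(SAMPLE_FSTAB).items()):
        print(f"{mp}: add {','.join(missing)}")
```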
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200509242033.15931.suporte>
