Date: Wed, 30 Apr 2008 11:26:52 -0500 From: "Jeremy Messenger" <mezz7@cox.net> To: "Kris Moore" <kris@pcbsd.com> Cc: freebsd-gnome@freebsd.org Subject: Re: Question about noexec flag in HAL Message-ID: <op.uafmm2ym9aq2h7@mezz.mezzweb.com> In-Reply-To: <48189835.8030103@pcbsd.com> References: <481771DD.7010007@pcbsd.com> <1209531708.85449.32.camel@shumai.marcuscom.com> <48189835.8030103@pcbsd.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 30 Apr 2008 11:03:01 -0500, Kris Moore <kris@pcbsd.com> wrote: > > Joe, > > Thanks for getting back to me on this. Is there any way we can drop this > flag by default? It messes with our PBI system, which are executables. > Currently users have to copy a PBI file from CD or USB to their desktop > before installing, when they should really be able to just double-click > and have it go. I don't believe their will be any security issues, in > past versions of HAL I've been taking this flag out, and we've not seen > any problems with doing so. I don't see any security issue either with PolicyKit. Also, whomever have access to mount stuff and can edit fdi file are already trushed. I only see an issue with multi-users, but it still doesn't make any sense anyway when admin wants it to be without noexec that should know there is no problem. It won't change the default in our ports unless someone add fdi file(s). Althought, only issue is in PC-BSD for being default rather than in our hal port. Cheers, Mezz > Thanks! -- mezz7@cox.net - mezz@FreeBSD.org FreeBSD GNOME Team http://www.FreeBSD.org/gnome/ - gnome@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.uafmm2ym9aq2h7>