Date:      Wed, 30 Apr 2008 01:01:48 -0400
From:      Joe Marcus Clarke <marcus@marcuscom.com>
To:        Kris Moore <kris@pcbsd.com>
Cc:        freebsd-gnome@freebsd.org
Subject:   Re: Question about noexec flag in HAL
Message-ID:  <1209531708.85449.32.camel@shumai.marcuscom.com>
In-Reply-To: <481771DD.7010007@pcbsd.com>
References:  <481771DD.7010007@pcbsd.com>

On Tue, 2008-04-29 at 15:07 -0400, Kris Moore wrote:
> Hopefully just a quick question. In the past I've had to compile HAL
> with a patch to disable the noexec flag from being used when mounting
> CD's. The lines in question are below:
>
> tools/hal-storage-mount.c
> #ifdef __FreeBSD__
> #define MOUNT           "/sbin/mount"
> -#define MOUNT_OPTIONS   "noexec,nosuid"
> +#define MOUNT_OPTIONS   "nosuid"
> #define MOUNT_TYPE_OPT  "-t"
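
Review bot: The `MOUNT_OPTIONS` define under `#ifdef __FreeBSD__` is a single constant, so dropping `noexec` there is not limited to CDs as far as this hunk shows: every mount that takes its options from this macro loses the flag, while the stated goal is CD mounting only. Consider scoping the relaxed option set to the CD filesystem type instead of editing the shared define, and add a comment beside `MOUNT_OPTIONS` recording why `nosuid` is kept and `noexec` is not.
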
>
> This has been rather a pain, since I don't want to keep making a
> custom patch to remove this flag. Is there some other easy way to remove
> the noexec flag from being used in CD mounting? I've tried by putting
> this in my /usr/local/etc/hal/fdi/policy/preferences.fdi file:
>
> <device>
>   <match key="volume.fstype" string="iso9660">
>      <merge key="volume.policy.mount_option.noexec" type="bool">false</merge>
>   </match>
> </device>
>
> However, it doesn't seem to make a difference :(
>
>
> Any other hints? Or am I stuck patching HAL itself?

For now, you'll have to patch hal.  It's up to the application
requesting the FS mount to specify the mount options.  However, the
hardcoded mount options cannot be overridden.  I'm willing to entertain
the idea of dropping noexec as Linux does, but I'm not sure what the
overall security impact of that change might be.

Joe

--
PGP Key : http://www.marcuscom.com/pgp.asc
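
Whether a patched or unpatched HAL is in use shows up in the options on the mounted volume, so the effect of the change discussed above can be checked from the mount table. The following is an added example, not part of the original message and not HAL code: it reads `mount -p` style lines (device, mount point, fstype, options, dump, pass) and reports `cd9660` mounts missing `noexec` or `nosuid`. The function names and the sample devices and mount points are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit CD mounts for the options HAL hardcodes on FreeBSD.
# Input format is that of `mount -p` (fstab-style, whitespace separated).
# Assumption: mount points contain no whitespace.

# Constructed sample input; devices and mount points are made up.
SAMPLE_MOUNTS='/dev/ad4s1a / ufs rw 1 1
/dev/acd0 /media/cdrom cd9660 ro,noexec,nosuid 0 0
/dev/acd1 /media/cdrom1 cd9660 ro,nosuid 0 0
/dev/da0s1 /media/usb msdosfs rw,noexec,nosuid 0 0'

# missing_opt FSTYPE OPTION
# Reads mount lines on stdin and prints the mount point of every FSTYPE
# mount whose option list lacks OPTION. Options are compared as whole
# comma-separated tokens, so "exec" never matches "noexec".
missing_opt() {
    awk -v fstype="$1" -v want="$2" '
        $3 == fstype {
            n = split($4, opts, ",")
            found = 0
            for (i = 1; i <= n; i++)
                if (opts[i] == want) found = 1
            if (!found) print $2
        }'
}

# audit_cd_mounts
# Reads mount lines on stdin once, then checks cd9660 mounts for both
# noexec and nosuid, printing one "missing OPTION: MOUNTPOINT" line each.
audit_cd_mounts() {
    input=$(cat)
    for opt in noexec nosuid; do
        printf '%s\n' "$input" | missing_opt cd9660 "$opt" |
            sed "s/^/missing $opt: /"
    done
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_cd_mounts
```

On a live FreeBSD system the same function can be fed with `mount -p | audit_cd_mounts`.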
