Quoting Alexey Vyskubov ([EMAIL PROTECTED]): > > > > noexec has no good purpose, really. But it's intention was for > > > > networked filesystems in certain environments, not a generalized > > > > security tool. > > > > > > It's very useful for mounting filesystems like vfat, where otherwise > > > all the files are marked executable which makes mc a PITA to use for > > > examining archive files (mc tries to execute them!). > > > > Ah, interesting. ;) Of course, that isn't a security related reason.
Granted. Except that it does prevent one from accidently executing programs on certain removable media, e.g. those that my partner has written on with 'doze. > It's just wrong. > > If you will mount filesystem with noexec option (try!) files may have > 'x' permission. And they can *look* executable (e.g. on vfat partition > you will see all files 'executable', as usual). The only difference is > that if you will try to execute such file you will get 'permission > denied' error message. But mc will try to execute every file :) That's not my experience. I can only assume your /tmp filesystem, like mine, is not vfat-like. Whereas this floppy is: Script started on Thu Jan 3 11:41:37 2002 ~# mount -t vfat /dev/fd0 /floppy ~# ls -l /floppy/p* -rwxr-xr-x 1 root root 160498 May 15 2001 /floppy/pcbits.zip ~# umount /floppy/ ~# mount -t vfat -o noexec /dev/fd0 /floppy ~# ls -l /floppy/p* -rw-r--r-- 1 root root 160498 May 15 2001 /floppy/pcbits.zip ~# chmod +x /floppy/pcbits.zip ~# ls -l /floppy/p* -rw-r--r-- 1 root root 160498 May 15 2001 /floppy/pcbits.zip ~# umount /floppy/ ~# Script done on Thu Jan 3 11:44:12 2002 > [terrapin] 08:46:52 ~$ sudo mount -o remount,noexec /tmp > Password: > [terrapin] 08:47:11 ~$ touch /tmp/a > [terrapin] 08:47:14 ~$ chmod +x /tmp/a > [terrapin] 08:47:17 ~$ ls -l /tmp/a > -rwxr-xr-x 1 alexey alexey 0 ñÎ× 3 08:47 /tmp/a > [terrapin] 08:47:21 ~$ /tmp/a > bash: /tmp/a: Permission denied > [terrapin] 08:47:25 ~$ Cheers, -- Email: [EMAIL PROTECTED] Tel: +44 1908 653 739 Fax: +44 1908 655 151 Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA Disclaimer: These addresses are only for reaching me, and do not signify official stationery. Views expressed here are either my own or plagiarised. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
