Quoting Alexey Vyskubov ([EMAIL PROTECTED]): > > That's not my experience. I can only assume your /tmp filesystem, > > like mine, is not vfat-like. Whereas this floppy is: > > You probably have some additional settings somewhere (where?). [...] > Please show output for 'mount' command after mounting floppy.
No, I'm afraid you're doing something differently from me (remount). I get the impression that you're trying to find an exploit against the useful feature that I pointed out in my original message, as if it was a security defence. I didn't offer it as a defence but as a convenience (acknowledged in my first message to you). I was concerned lest his statement "noexec has no good purpose" should cause anyone to consider getting rid of it, or not going to the trouble of continuing to support it on filesystems that don't actually have exec permissions. If it has any security (sensu lato) value at all, noexec only prevents accidents rather than maintaining security (sensu stricto) against exploits. If you want the feature to remain useful, mount the filesystem noexec to begin with---don't mount it exec, fiddle with it, and then remount noexec. If you're not interested in why remount leads to the effects you've posted, stop reading here... When you mount a vfat-like filesystem without noexec, all the files inherit an x permission. With noexec, they all lose the x (except directories). However, all this is actually faked, and that leads to a problem (your exploit) when files are in use on a filesystem that gets remounted. Unused files are able to inherit the new mount flags, but files already in use have to keep their current flags. (Thanks to [EMAIL PROTECTED] for clearly commenting the kernel code.) How it should be done: # mount -v -t vfat -o noexec /dev/fd0 /mnt /dev/fd0 on /mnt type vfat (rw,noexec) # chmod -v +x /mnt/* mode of /mnt/afile changed to 0755 (rwxr-xr-x) [all this has no mode of /mnt/bfile changed to 0755 (rwxr-xr-x) effect because mode of /mnt/flip retained as 0755 (rwxr-xr-x) of noexec flag] # ls -lR /mnt /mnt: total 8 -rw-r--r-- 1 root root 3705 Apr 6 1999 afile -rw-r--r-- 1 root root 3705 Apr 6 1999 bfile drwxr-xr-x 2 root root 512 Apr 6 1999 flip /mnt/flip: total 4 -rw-r--r-- 1 root root 3705 Apr 6 1999 cfile # umount /mnt How it's best not done: # mount -v -t vfat /dev/fd0 /mnt /dev/fd0 on /mnt type vfat (rw) # ls -l /mnt/b* [use bfile] -rwxr-xr-x 1 root root 3705 Apr 6 1999 /mnt/bfile # mount -v -o remount,noexec /mnt /dev/fd0 on /mnt type vfat (rw,noexec) # ls -lR /mnt /mnt: total 8 -rw-r--r-- 1 root root 3705 Apr 6 1999 afile -rwxr-xr-x 1 root root 3705 Apr 6 1999 bfile [x retained] drwxr-xr-x 2 root root 512 Apr 6 1999 flip /mnt/flip: total 4 -rw-r--r-- 1 root root 3705 Apr 6 1999 cfile I hope my intentions, and those of the developers, are clearer now. Cheers, -- Email: [EMAIL PROTECTED] Tel: +44 1908 653 739 Fax: +44 1908 655 151 Snail: David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA Disclaimer: These addresses are only for reaching me, and do not signify official stationery. Views expressed here are either my own or plagiarised.
