Re: Mounting filesystems with "noexec"

From: Simon L. Nielsen (simon_at_FreeBSD.org)
Date: 09/22/05

    Date: Thu, 22 Sep 2005 14:13:27 +0200
    To: Borja Marcos <borjamar@sarenet.es>
    
    
    

    On 2005.09.22 13:11:43 +0200, Borja Marcos wrote:

    > I've been playing a bit with the "noexec" flag for filesystems. It
    > can represent a substantial obstacle against the exploitation of
    > security holes.

    Please note the following from the mount(8) manual page:

         noexec Do not allow execution of any binaries on the mounted
                 file system. This option is useful for a server that has
                 file systems containing binaries for architectures other
                 than its own. Note: This option was not designed as a
                 security feature and no guarantee is made that it will
                 prevent malicious code execution; for example, it is
                 still possible to execute scripts which reside on a
                 noexec mounted partition.

    I don't know if it makes sense to log noexec failures, but at least
    it's important that people don't completely rely on noexec for
    security.

    -- 
    Simon L. Nielsen
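
An added example, not part of the original message: a small probe an administrator can run to see what a noexec mount does and does not stop, matching the mount(8) note quoted above. The function name noexec_probe and the probe file name are made up for this illustration.

```shell
#!/bin/sh
# Added example: probe what the noexec mount option actually blocks.
# Usage: sh noexec_probe.sh /path/on/the/mount/to/check

# Creates a harmless script in DIR, tries to run it two ways, removes it,
# and prints one line such as: direct=blocked interp=ran
noexec_probe() {
    dir=$1
    probe=$(mktemp "$dir/noexec_probe.XXXXXX") || return 2
    printf '#!/bin/sh\necho probe-ok\n' > "$probe"
    chmod 700 "$probe"

    # 1. Direct execution: the kernel is asked to execve() the file
    #    itself, so the noexec flag of the file's own mount applies.
    if [ "$("$probe" 2>/dev/null)" = "probe-ok" ]; then
        direct=ran
    else
        direct=blocked
    fi

    # 2. Via an interpreter: execve() runs /bin/sh, which lives on a
    #    different file system; the probe is only opened and read as data.
    if [ "$(/bin/sh "$probe" 2>/dev/null)" = "probe-ok" ]; then
        interp=ran
    else
        interp=blocked
    fi

    rm -f "$probe"
    echo "direct=$direct interp=$interp"
}

# Run the probe when a directory is given on the command line.
if [ $# -gt 0 ]; then
    noexec_probe "$1"
fi
```

On a noexec mount the expected line is direct=blocked interp=ran, which is the manual page's point: the script still runs when handed to an interpreter.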
    
    


