MNT_NOEXEC on root filesystem with diskless PXE boot?

Tom Alsberg alsbergt at zoopee.org
Thu Mar 31 03:16:29 PST 2005 

Perhaps this should go to -STABLE, I just couldn't be sure.

We are trying out FreeBSD 5.4-PRERELEASE on diskless clients.  I
noticed one problem, being that when setting the LD_LIBRARY_PATH
(or for that matter, LD_PRELOAD, and LD_LIBMAP_DISABLE) environment
variables, nothing will run, as /libexec/ld-elf.so.1 complains:

Cannot execute objects on /

According to the sources, this was added in 5.4, and will happen
if / is mounted noexec.

In this case, / is mounted by the BTX PXE loader over NFS (from a
FreeBSD 5.3 server, right now).  "mount" does not show the noexec
flag.  However, with the attached little C program I verified that
statfs really returns this flag (0x00000006).

Now, I see that on FreeBSD 5.3 diskless clients this flag is also
returned on / - just it happened that nobody looked at it until
the change in rtld.c of FreeBSD 5.4:

if (fs.f_flags & MNT_NOEXEC) {
	_rtld_error("Cannot execute objects on %s\n", fs.f_mntonname);
	close(fd);
	return NULL;
}

I didn't yet understand (didn't check much) - why does statfs report
the MNT_NOEXEC flag on the / filesystem (and only the / filesystem,
when it's mounted from NFS by the bootloader - not any other
NFS filesystems)?  BTW, this happens also with NetApp as the NFS 
server - just to rule out any possibility of relation here.

  Ideas appreciated,
  -- Tom

-- 
  Tom Alsberg - certified insane, complete illiterate.
	Homepage: http://www.cs.huji.ac.il/~alsbergt/
  * An idea is not responsible for the people who believe in it.
-------------- next part --------------
#include <stdio.h>
#include <fcntl.h>
#include <sys/param.h>
#include <sys/mount.h>


int main(int argc, char *argv[])
{
    if (argc != 2) {
	fprintf(stderr, "invalid number of arguments");
	return -1;
    }

    struct statfs stbuf;

    if (statfs(argv[1], &stbuf) != 0) {
	perror("fstatfs");
	return -1;
    }

    printf("FLAGS: 0x%08X\n", stbuf.f_flags);
    if (stbuf.f_flags & MNT_NOEXEC)
	printf("MNT_NOEXEC\n");

    return 0;
}

More information about the freebsd-hackers mailing list