Question about noexec flag in HAL

Joe Marcus Clarke marcus at marcuscom.com
Wed Apr 30 05:01:39 UTC 2008


On Tue, 2008-04-29 at 15:07 -0400, Kris Moore wrote:
> Hopefully just a quick question. In the past I've had to compile HAL 
> with a patch to disable the noexec flag from being used when mounting 
> CDs. The lines in question are below:
> 
> tools/hal-storage-mount.c
> #ifdef __FreeBSD__
> #define MOUNT           "/sbin/mount"
> -#define MOUNT_OPTIONS   "noexec,nosuid"
> +#define MOUNT_OPTIONS   "nosuid"
> #define MOUNT_TYPE_OPT  "-t"
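Review bot: the new `#define MOUNT_OPTIONS "nosuid"` sits directly under `#ifdef __FreeBSD__` with no further condition, so noexec is dropped for every use of MOUNT_OPTIONS on FreeBSD, while the stated goal is only CD mounting. Consider keeping "noexec,nosuid" as the default and selecting the relaxed string only for the optical-media case, or making it a build-time option, and add a comment next to the define recording why noexec is omitted.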
> 
> This has been rather a pain, since I don't want to keep making a 
> custom patch to remove this flag. Is there some other easy way to remove 
> the noexec flag from being used in CD mounting? I've tried by putting 
> this in my /usr/local/etc/hal/fdi/policy/preferences.fdi file:
> 
> <device>
>   <match key="volume.fstype" string="iso9660">
>      <merge key="volume.policy.mount_option.noexec" type="bool">false</merge>
>   </match>
> </device>
> 
> However, it doesn't seem to make a difference :(
> 
> 
> Any other hints? Or am I stuck patching HAL itself?

For now, you'll have to patch hal.  It's up to the application
requesting the FS mount to specify the mount options.  However, the
hardcoded mount options cannot be overridden.  I'm willing to entertain
the idea of dropping noexec as Linux does, but I'm not sure what the
overall security impact of that change might be.

Joe

> 
> 
-- 
PGP Key : http://www.marcuscom.com/pgp.asc
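Since the options are hardcoded at build time, the only way to confirm what a given HAL build actually applies is to look at the resulting mounts. The script below is an added example, not part of the original thread or of HAL: it parses FreeBSD mount(8) output and reports mounts lacking noexec or nosuid. The function names and sample lines are constructed; cd9660 is FreeBSD's filesystem type name for ISO 9660 media.

```shell
#!/bin/sh
# Constructed sample of FreeBSD mount(8) output; not taken from the thread.
# /dev/cd1 stands for a CD mounted by a HAL build with noexec patched out.
sample_mounts() {
    cat <<'EOF'
/dev/ad0s1a on / (ufs, local, soft-updates)
devfs on /dev (devfs, local)
/dev/cd0 on /media/cdrom (cd9660, local, noexec, nosuid, read-only)
/dev/cd1 on /media/cdrom1 (cd9660, local, nosuid, read-only)
EOF
}

# Read "dev on /mnt (fstype, opt, ...)" lines on stdin and print
# "mountpoint fstype missing=opt[,opt]" for each mount that lacks
# noexec or nosuid. Optional $1 limits the check to one fstype.
audit_mounts() {
    want_fs="${1:-}"
    # Reduce each line to "mountpoint|fstype, opt, opt"
    sed -n 's/^\(.*\) on \(.*\) (\(.*\))$/\2|\3/p' |
    while IFS='|' read -r mnt opts; do
        fstype=${opts%%,*}
        if [ -n "$want_fs" ] && [ "$fstype" != "$want_fs" ]; then
            continue
        fi
        missing=""
        for flag in noexec nosuid; do
            # Pad with separators so only whole option names match
            case ", $opts," in
                *", $flag,"*) ;;
                *) missing="${missing:+$missing,}$flag" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "$mnt $fstype missing=$missing"
        fi
    done
    return 0
}

# Demonstration on the constructed sample
sample_mounts | audit_mounts cd9660
```

On a live system, pipe the real output in instead: mount | audit_mounts cd9660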

More information about the freebsd-gnome mailing list