Question about noexec flag in HAL

Jeremy Messenger mezz7 at cox.net
Wed Apr 30 16:24:40 UTC 2008


On Wed, 30 Apr 2008 11:03:01 -0500, Kris Moore <kris at pcbsd.com> wrote:

>
> Joe,
>
> Thanks for getting back to me on this. Is there any way we can drop this  
> flag by default? It messes with our PBI system, which are executables.  
> Currently users have to copy a PBI file from CD or USB to their desktop  
> before installing, when they should really be able to just double-click  
> and have it go. I don't believe their will be any security issues, in  
> past versions of HAL I've been taking this flag out, and we've not seen  
> any problems with doing so.

I don't see any security issue either with PolicyKit. Also, whomever have  
access to mount stuff and can edit fdi file are already trushed. I only  
see an issue with multi-users, but it still doesn't make any sense anyway  
when admin wants it to be without noexec that should know there is no  
problem. It won't change the default in our ports unless someone add fdi  
file(s). Althought, only issue is in PC-BSD for being default rather than  
in our hal port.

Cheers,
Mezz

> Thanks!


-- 
mezz7 at cox.net  -  mezz at FreeBSD.org
FreeBSD GNOME Team
http://www.FreeBSD.org/gnome/  -  gnome at FreeBSD.org


More information about the freebsd-gnome mailing list