mounting filesystems with "noexec"
randall s. ehren
randall at ucsb.edu
Fri Sep 23 15:03:05 PDT 2005
> With all that has been said so far, what is the actual point of
> the noexec flag?
it prevents executables from being executed on a specific partition.
for instance, you can mount /var with the noexec flag and if you then
try to run any binaries (executables) from /var they simply will not
execute.
root@server[~]% grep 'noexec' /etc/fstab
/dev/aacd0s1h /var ufs rw,noexec,nosuid 2 2
root@server[~]% cp /usr/bin/top /var/top
root@server[~]% /var/./top
/var/./top: Permission denied.
-randall
--
:// randall s. ehren :// voice 805.893.5632
:// systems administrator :// isber|survey|avss.ucsb.edu
:// institute for social, behavioral, and economic research
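
A way to audit an fstab-format file for mount points that lack a flag such as noexec, as an added example that is not part of the original post. The function names and every sample line other than the /var entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: report mount points whose fstab options lack a given flag.

# fstab_missing_flag FILE FLAG MOUNTPOINT...
# Prints each listed mount point that has an entry in FILE whose options
# field (4th column) does not contain FLAG as an exact comma-separated item.
fstab_missing_flag() {
    file=$1; flag=$2; shift 2
    for mp in "$@"; do
        awk -v mp="$mp" -v flag="$flag" '
            $1 ~ /^#/ || NF < 4 { next }    # skip comments and short lines
            $2 == mp {
                n = split($4, opts, ",")
                found = 0
                for (i = 1; i <= n; i++) if (opts[i] == flag) found = 1
                if (!found) print mp
            }
        ' "$file"
    done
}

# Constructed sample fstab; only the /var line is taken from the post.
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options           Dump  Pass#
/dev/aacd0s1a   /           ufs     rw                1     1
/dev/aacd0s1h   /var        ufs     rw,noexec,nosuid  2     2
/dev/aacd0s1e   /tmp        ufs     rw,nosuid         2     2
/dev/aacd0s1f   /home       ufs     rw,nosuid         2     2
EOF
}

# audit_sample FLAG: run the check over the constructed sample.
audit_sample() {
    tmp=$(mktemp) || return 1
    sample_fstab > "$tmp"
    fstab_missing_flag "$tmp" "$1" /var /tmp /home
    rm -f "$tmp"
}

audit_sample noexec
```

This reads the configuration file only; the output of `mount` shows the flags actually in effect on a running system.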