mounting filesystems with "noexec"
suporte at wahtec.com.br
suporte at wahtec.com.br
Sat Sep 24 13:33:22 PDT 2005
>
> On 2005.09.23 22:55:56 +0100, markzero wrote:
> > With all that has been said so far, what is the actual point of
> > the noexec flag?
> >
> >From mount(8) (yes I like quoting the docs. when we have them ;);) ):
>
> This option is useful for a server that has file systems
> containing binaries for architectures other than its own.
Sorry Simon and others,
Where the least privilege principle gone? If there isn't any necessity to have
normal or suid binaries on a partition, why enable it?
Using it on a data-only partition with a chrooted application does not limit
any possible damage? Like file upload and execution using an application
security flaw could be stopped at some point.
Saying one can easily do privilege escalation (like ppl are saying) doesn't
eliminate the need of file permissions and other access policies.
Regards,
--aristeu
More information about the freebsd-security
mailing list