Re: noexec-flag does not work in Linux 2.4.10-pre10

From: Padraig Brady (padraig@antefacto.com)
Date: Fri Sep 21 2001 - 05:51:33 EST


Alexander Viro wrote:

>
>On Fri, 21 Sep 2001, Peter Bornemann wrote:
>
>>This is no problem for me but an inconvenience. If you see all
>>the x-flags you believe in the executability (is that right?), moreover,
>>as on my system executables are displayed in red colour, I feel my eyes
>>are deceived to some extent.
>>
>
>Then you've never used noexec on normal filesystems (after all, _that_
>is the intended use - prohibit execution of binaries from a potentially
>unsafe place, and in that case you are interested in all mode bits, so
>you want them to be reported).
>

I wondered what you gain by noexec actually, as there is always a way to
execute code you can read. E.g., if you want to execute a binary from
/mnt/unsafe you can do (RH7.1): /lib/ld-linux.so.2 /mnt/unsafe/hack.bin ?

>Try to remount some normal fs noexec
>(_not_ one that contains mount(8), or you'll have really big trouble
>on your hands). Then look at it - exec bits are still there and they
>are still reported.
>
>>But, as umask=111 works, I will switch to that.
>>
>>Thanks a lot!
>>
>>Peter B
>>




This archive was generated by hypermail 2b29 : Sun Sep 23 2001 - 21:00:43 EST
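
Added example, not part of the original thread: the messages above turn on the fact that noexec is a mount option and leaves the mode bits that ls reports untouched, so an audit that looks only at x-bits overstates what a direct execve(2) will permit. The sketch below combines both; it models only that direct-exec check, and the function names and the mount table (constructed, in /proc/mounts format) are assumptions.

```python
import os
import stat

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/hda1 / ext2 rw 0 0
/dev/hda5 /mnt/unsafe vfat rw,noexec,nosuid 0 0
/dev/hda6 /mnt/unsafe/tools ext2 rw 0 0
none /mnt/with\\040space tmpfs rw,noexec 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def parse_mounts(text):
    """Return [(mountpoint, set_of_options)] in table order."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            mounts.append((_unescape(parts[1]), set(parts[3].split(","))))
    return mounts

def mount_for(path, mounts):
    """Pick the mount covering path: longest mountpoint prefix, later entries win ties."""
    path = os.path.normpath(path)
    best = None
    for mnt, opts in mounts:
        base = mnt.rstrip("/")  # "/" becomes "", so every absolute path matches root
        if path == mnt or path.startswith(base + "/"):
            if best is None or len(mnt) >= len(best[0]):
                best = (mnt, opts)
    if best is None:
        raise ValueError("no mount covers " + path)
    return best

def exec_status(path, mode, mounts):
    """Combine what ls shows (mode bits) with what the mount allows."""
    mnt, opts = mount_for(path, mounts)
    has_x = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    return {"mount": mnt, "x_bits": has_x, "noexec": "noexec" in opts,
            "direct_exec_allowed": has_x and "noexec" not in opts}
```

On a live system the same inputs come from reading /proc/mounts and from os.stat(path).st_mode.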