Re: mounting filesystems with "noexec"
> With all that has been said so far, what is the actual point of
> the noexec flag?
it prevents executables from being executed on a specific partition.
for instance, you can mount /var with the noexec flag and if you then
try to run any binaries (executables) from /var they simply will not
execute.
root@server[~]% grep 'noexec' /etc/fstab
/dev/aacd0s1h /var ufs rw,noexec,nosuid 2 2
root@server[~]% cp /usr/bin/top /var/top
root@server[~]% /var/./top
/var/./top: Permission denied.
-randall
--
:// randall s. ehren :// voice 805.893.5632
:// systems administrator :// isber|survey|avss.ucsb.edu
:// institute for social, behavioral, and economic research
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 2 之 5 篇):