Re: [PATCH/RFC] do not source/exec scripts on noexec mount points

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH/RFC] do not source/exec scripts on noexec mount points

From:	Chet Ramey
Subject:	Re: [PATCH/RFC] do not source/exec scripts on noexec mount points
Date:	Wed, 16 Dec 2015 15:23:50 -0500
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.4.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/14/15 12:17 AM, Mike Frysinger wrote:

> 
> (1) the examples i already provided do not involve the user at all, and
>     include systems where the user has no direct access to the shell.

You didn't really provide any examples. You mentioned ChromeOS and vaguely
referenced "other verified boot systems".

If non-general-purpose systems is the set of systems for which this
proposal is in scope, that changes the impact.  Since you generally build
custom versions for such systems, a configuration-time option to enable
this behavior is more reasonable.

> (2) choice over runtime functionality is by the sysadmin, not the user.

In this case, or in general?

> (3) i disagree over the scope of noexec.  i think this is in-scope.

I really don't agree that it's in the spirit of noexec.

- -- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEUEARECAAYFAlZxyEoACgkQu1hp8GTqdKs7iwCeN3RSffaijMfXrzceHrbksjXE
W1oAl0qJHWNo/qNu0cOijRbbNEzDJt4=
=kLgz
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, (continued)
- Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, John McKown, 2015/12/12
  - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Mike Frysinger, 2015/12/12
- Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, konsolebox, 2015/12/13
  - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Mike Frysinger, 2015/12/14
    - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, konsolebox, 2015/12/14
    - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Mike Frysinger, 2015/12/14
    - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, konsolebox, 2015/12/15
    - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Chet Ramey, 2015/12/16
    - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Chet Ramey <=
    - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, John McKown, 2015/12/16
    - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Chet Ramey, 2015/12/16
- Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Stephane Chazelas, 2015/12/13
  - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Mike Frysinger, 2015/12/14
- Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Chet Ramey, 2015/12/13
  - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Mike Frysinger, 2015/12/14
    - Re: [PATCH/RFC] do not source/exec scripts on noexec mount points, Chet Ramey, 2015/12/16

Prev by Date: Re: Bash logo
Next by Date: Re: [PATCH/RFC] do not source/exec scripts on noexec mount points
Previous by thread: Re: [PATCH/RFC] do not source/exec scripts on noexec mount points
Next by thread: Re: [PATCH/RFC] do not source/exec scripts on noexec mount points
Index(es):
- Date
- Thread