|
From: | John McKown |
Subject: | Re: [PATCH/RFC] do not source/exec scripts on noexec mount points |
Date: | Wed, 16 Dec 2015 14:29:30 -0600 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/14/15 12:17 AM, Mike Frysinger wrote:
>
> (1) the examples i already provided do not involve the user at all, and
> include systems where the user has no direct access to the shell.
You didn't really provide any examples. You mentioned ChromeOS and vaguely
referenced "other verified boot systems".
If non-general-purpose systems is the set of systems for which this
proposal is in scope, that changes the impact. Since you generally build
custom versions for such systems, a configuration-time option to enable
this behavior is more reasonable.
> (2) choice over runtime functionality is by the sysadmin, not the user.
In this case, or in general?
> (3) i disagree over the scope of noexec. i think this is in-scope.
I really don't agree that it's in the spirit of noexec.
- --
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEUEARECAAYFAlZxyEoACgkQu1hp8GTqdKs7iwCeN3RSffaijMfXrzceHrbksjXE
W1oAl0qJHWNo/qNu0cOijRbbNEzDJt4=
=kLgz
-----END PGP SIGNATURE-----
[Prev in Thread] | Current Thread | [Next in Thread] |