Re: mounting filesystems with "noexec"

suportewahtec.com.br
Date: Sat Sep 24 2005 - 15:33:14 CDT


>
> On 2005.09.23 22:55:56 +0100, markzero wrote:
> > With all that has been said so far, what is the actual point of
> > the noexec flag?
> >
> From mount(8) (yes I like quoting the docs. when we have them ;);) ):
>
>         This option is useful for a server that has file systems
>         containing binaries for architectures other than its own.

Sorry Simon and others,

Where has the least privilege principle gone? If there isn't any necessity to have
normal or suid binaries on a partition, why enable it?

Doesn't using it on a data-only partition with a chrooted application limit
any possible damage? For example, file upload and execution using an application
security flaw could be stopped at some point.

Saying one can easily do privilege escalation (like people are saying) doesn't
eliminate the need for file permissions and other access policies.

Regards,
--aristeu
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
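
The least-privilege point argued in the message above, as an added example that is not part of the original post: a POSIX sh check that reads an fstab(5)-style file and reports listed data-only mount points that still lack `noexec` or `nosuid`. The sample fstab, its device names and its mount points are constructed, and which mount points count as data-only is an assumption the operator supplies as arguments.

```shell
#!/bin/sh
# Added example: audit data-only mount points for missing noexec/nosuid.

# Constructed sample in fstab(5) layout:
# device, mount point, fstype, options, dump, pass.
sample_fstab() {
cat <<'EOF'
# Device        Mountpoint      FStype  Options             Dump    Pass#
/dev/ada0p2     /               ufs     rw                  1       1
/dev/ada0p4     /var/uploads    ufs     rw,noexec,nosuid    2       2
/dev/ada0p5     /var/www/data   ufs     rw,nosuid           2       2
/dev/ada0p6     /home           ufs     rw                  2       2
EOF
}

# audit_fstab FILE MOUNTPOINT...
# For each mount point the operator declares data-only (assumption), print
#   "<mountpoint> missing:<options>"  if noexec and/or nosuid is absent
#   "<mountpoint> not-in-fstab"       if it is not a separate file system,
#                                     so it inherits its parent's options.
audit_fstab() {
    fstab=$1; shift
    for mp in "$@"; do
        awk -v mp="$mp" '
            $1 ~ /^#/ || NF < 4 { next }      # skip comments and short lines
            $2 == mp {
                found = 1
                split("", have)                # reset option set
                n = split($4, opts, ",")
                for (i = 1; i <= n; i++) have[opts[i]] = 1
                miss = ""
                if (!("noexec" in have)) miss = "noexec"
                if (!("nosuid" in have)) miss = miss (miss == "" ? "" : ",") "nosuid"
                if (miss != "") print mp " missing:" miss
            }
            END { if (!found) print mp " not-in-fstab" }
        ' "$fstab"
    done
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp) && sample_fstab > "$tmp"
audit_fstab "$tmp" /var/uploads /var/www/data /home /srv/ftp
rm -f "$tmp"
```

A mount point reported as `not-in-fstab` is the case worth checking by hand: the directory lives on its parent file system, so flags cannot be applied to it separately.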