upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 00:32:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add verbiage to the description of the noexec mount option clarifying

Browse source 
that it really wasn't intended as a security feature.

Wording mostly by: simon
Discussed with:	secteam
This commit is contained in:
Colin Percival 2005-03-23 04:17:48 +00:00
parent 0cdbdea6e4
commit 18a3dd1e34
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
sbin/mount/mount.8
View file

@ -181,6 +181,11 @@ Disable write clustering.
Do not allow execution of any binaries on the mounted file system.
This option is useful for a server that has file systems containing
binaries for architectures other than its own.
Note: This option was not designed as a security feature and no
guarantee is made that it will prevent malicious code execution; for
example, it is still possible to execute scripts which reside on a
.Cm noexec
mounted partition.
.It Cm nosuid
Do not allow set-user-identifier or set-group-identifier bits to take effect.
Note: this option is worthless if a public available suid or sgid