| From | Chet Ramey <chet.ramey@case.edu> |
|---|---|
| Newsgroups | gnu.bash.bug |
| Subject | Re: [PATCH/RFC] do not source/exec scripts on noexec mount points |
| Date | Wed, 16 Dec 2015 15:23:50 -0500 |
| Message-ID | <mailman.47.1450297439.843.bug-bash@gnu.org> |
| References | <1449954086-30408-1-git-send-email-vapier@gentoo.org> <CAJnmqwZcZOTjXAVJO7vixSEQf2eEUuZocBzMKdpK08zAphzbLQ@mail.gmail.com> <20151214051712.GS11489@vapier.lan> |
| Cc | chet.ramey@case.edu |
| To | konsolebox <konsolebox@gmail.com>, bug-bash <bug-bash@gnu.org> |
| In-Reply-To | <20151214051712.GS11489@vapier.lan> |
On 12/14/15 12:17 AM, Mike Frysinger wrote:

> (1) the examples i already provided do not involve the user at all, and
> include systems where the user has no direct access to the shell.

You didn't really provide any examples. You mentioned ChromeOS and vaguely referenced "other verified boot systems".

If non-general-purpose systems is the set of systems for which this proposal is in scope, that changes the impact. Since you generally build custom versions for such systems, a configuration-time option to enable this behavior is more reasonable.

> (2) choice over runtime functionality is by the sysadmin, not the user.

In this case, or in general?

> (3) i disagree over the scope of noexec. i think this is in-scope.

I really don't agree that it's in the spirit of noexec.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/