Re: [PATCH/RFC] do not source/exec scripts on noexec mount points

From Chet Ramey <chet.ramey@case.edu>
Newsgroups gnu.bash.bug
Subject Re: [PATCH/RFC] do not source/exec scripts on noexec mount points
Date 2015-12-16 15:23 -0500
Message-ID <mailman.47.1450297439.843.bug-bash@gnu.org>
References <1449954086-30408-1-git-send-email-vapier@gentoo.org> <CAJnmqwZcZOTjXAVJO7vixSEQf2eEUuZocBzMKdpK08zAphzbLQ@mail.gmail.com> <20151214051712.GS11489@vapier.lan>


On 12/14/15 12:17 AM, Mike Frysinger wrote:

> 
> (1) the examples i already provided do not involve the user at all, and
>     include systems where the user has no direct access to the shell.

You didn't really provide any examples. You mentioned ChromeOS and vaguely
referenced "other verified boot systems".

If non-general-purpose systems is the set of systems for which this
proposal is in scope, that changes the impact.  Since you generally build
custom versions for such systems, a configuration-time option to enable
this behavior is more reasonable.

> (2) choice over runtime functionality is by the sysadmin, not the user.

In this case, or in general?

> (3) i disagree over the scope of noexec.  i think this is in-scope.

I really don't agree that it's in the spirit of noexec.

- -- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
		 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/
