diff options
author | cperciva <cperciva@FreeBSD.org> | 2005-03-23 04:17:48 +0000 |
---|---|---|
committer | cperciva <cperciva@FreeBSD.org> | 2005-03-23 04:17:48 +0000 |
commit | b11927ff86ae6a824149858fa3d996823cc0ba4a (patch) | |
tree | 201268b0f935c450a1cf7eb52f4c1caa14da282a /sbin/mount/mount.8 | |
parent | ac3022cbb0f096a105574fb92fde0b0706763ce0 (diff) | |
download | FreeBSD-src-b11927ff86ae6a824149858fa3d996823cc0ba4a.zip FreeBSD-src-b11927ff86ae6a824149858fa3d996823cc0ba4a.tar.gz |
Add verbiage to the description of the noexec mount option clarifying
that it really wasn't intended as a security feature.
Wording mostly by: simon
Discussed with: secteam
Diffstat (limited to 'sbin/mount/mount.8')
-rw-r--r-- | sbin/mount/mount.8 | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8 index afefb25..6ce3d92 100644 --- a/sbin/mount/mount.8 +++ b/sbin/mount/mount.8 @@ -181,6 +181,11 @@ Disable write clustering. Do not allow execution of any binaries on the mounted file system. This option is useful for a server that has file systems containing binaries for architectures other than its own. +Note: This option was not designed as a security feature and no +guarantee is made that it will prevent malicious code execution; for +example, it is still possible to execute scripts which reside on a +.Cm noexec +mounted partition. .It Cm nosuid Do not allow set-user-identifier or set-group-identifier bits to take effect. Note: this option is worthless if a public available suid or sgid |