Add verbiage to the description of the noexec mount option clarifying

that it really wasn't intended as a security feature. Wording mostly by: simon Discussed with: secteam
author: cperciva <cperciva@FreeBSD.org> 2005-03-23 04:17:48 +0000
committer: cperciva <cperciva@FreeBSD.org> 2005-03-23 04:17:48 +0000
commit: b11927ff86ae6a824149858fa3d996823cc0ba4a (patch)
tree: 201268b0f935c450a1cf7eb52f4c1caa14da282a /sbin/mount
parent: ac3022cbb0f096a105574fb92fde0b0706763ce0 (diff)
download: FreeBSD-src-b11927ff86ae6a824149858fa3d996823cc0ba4a.zip
FreeBSD-src-b11927ff86ae6a824149858fa3d996823cc0ba4a.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8
index afefb25..6ce3d92 100644
--- a/sbin/mount/mount.8
+++ b/sbin/mount/mount.8
@@ -181,6 +181,11 @@ Disable write clustering.
 Do not allow execution of any binaries on the mounted file system.
 This option is useful for a server that has file systems containing
 binaries for architectures other than its own.
+Note: This option was not designed as a security feature and no
+guarantee is made that it will prevent malicious code execution; for
+example, it is still possible to execute scripts which reside on a
+.Cm noexec
+mounted partition.
 .It Cm nosuid
 Do not allow set-user-identifier or set-group-identifier bits to take effect.
 Note: this option is worthless if a public available suid or sgid
author	cperciva <cperciva@FreeBSD.org>	2005-03-23 04:17:48 +0000
committer	cperciva <cperciva@FreeBSD.org>	2005-03-23 04:17:48 +0000
commit	b11927ff86ae6a824149858fa3d996823cc0ba4a (patch)
tree	201268b0f935c450a1cf7eb52f4c1caa14da282a /sbin/mount
parent	ac3022cbb0f096a105574fb92fde0b0706763ce0 (diff)
download	FreeBSD-src-b11927ff86ae6a824149858fa3d996823cc0ba4a.zip FreeBSD-src-b11927ff86ae6a824149858fa3d996823cc0ba4a.tar.gz