From b11927ff86ae6a824149858fa3d996823cc0ba4a Mon Sep 17 00:00:00 2001 From: cperciva Date: Wed, 23 Mar 2005 04:17:48 +0000 Subject: Add verbiage to the description of the noexec mount option clarifying that it really wasn't intended as a security feature. Wording mostly by: simon Discussed with: secteam --- sbin/mount/mount.8 | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'sbin') diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8 index afefb25..6ce3d92 100644 --- a/sbin/mount/mount.8 +++ b/sbin/mount/mount.8 @@ -181,6 +181,11 @@ Disable write clustering. Do not allow execution of any binaries on the mounted file system. This option is useful for a server that has file systems containing binaries for architectures other than its own. +Note: This option was not designed as a security feature and no +guarantee is made that it will prevent malicious code execution; for +example, it is still possible to execute scripts which reside on a +.Cm noexec +mounted partition. .It Cm nosuid Do not allow set-user-identifier or set-group-identifier bits to take effect. Note: this option is worthless if a public available suid or sgid -- cgit v1.1