Yet another Linux on the desktop article
Jason Clinton
me at jasonclinton.com
Thu Aug 12 03:54:13 CDT 2004
Monty J. Harder wrote:
> If I make a setuid root bash and put it in a tarball, then try untarring
> it on your machine, tar simply changes the owner of the file to be that of
> the logged-in user. It ought to be possible to do automount that does
> similar, or perhaps refuses to recognize executable bit on non-directories.
>
Perhaps I should just post an entire copy of the mount man page since we
keep revisiting it. Well, here's the relevant section, anyways:
    -o  Options are specified with a -o flag followed by a comma
        separated string of options. Some of these options are only
        useful when they appear in the /etc/fstab file. The following
        options apply to any file system that is being mounted (but not
        every file system actually honors them - e.g., the sync option
        today has effect only for ext2, ext3 and ufs):

        ... ... ...

        noauto  Can only be mounted explicitly (i.e., the -a option will
                not cause the file system to be mounted).

        nodev   Do not interpret character or block special devices on
                the file system.

        noexec  Do not allow execution of any binaries on the mounted
                file system. This option might be useful for a server
                that has file systems containing binaries for
                architectures other than its own.

        nosuid  Do not allow set-user-identifier or set-group-identifier
                bits to take effect. (This seems safe, but is in fact
                rather unsafe if you have suidperl(1) installed.)

        nouser  Forbid an ordinary (i.e., non-root) user to mount the
                file system. This is the default.

        ... ... ...
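
An added example, not part of the original message: a small audit that reads fstab-format text and reports entries an ordinary user can mount while set-id bits or device nodes would still be honoured. The handling of `user`, `users`, `owner`, `group` and `defaults` follows mount(8) beyond the excerpt quoted above, and the sample fstab is constructed.

```python
# Added example: which user-mountable fstab entries still honour suid or dev?
# Per mount(8), options apply left to right; user/users imply
# noexec,nosuid,nodev and owner/group imply nosuid,nodev, unless a later
# option on the same line overrides them.
USER_OPTS = {
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}
DEFAULTS = ("suid", "dev", "exec", "nouser")  # the part of "defaults" relevant here

# Constructed sample in /etc/fstab format (not from a real system).
SAMPLE_FSTAB = """\
# device    mountpoint   type     options                  dump pass
/dev/hda1   /            ext3     defaults                 1 1
/dev/cdrom  /mnt/cdrom   iso9660  noauto,user,ro           0 0
/dev/fd0    /mnt/floppy  vfat     noauto,user,exec,suid    0 0
/dev/sda1   /mnt/usb     vfat     noauto,nosuid,owner,dev  0 0
"""

def effective_flags(options):
    """Return (user_mountable, state) after applying options in order."""
    state = {"suid": True, "dev": True, "exec": True}  # defaults when unset
    user_mountable = False
    for opt in options.split(","):
        if opt in USER_OPTS:
            user_mountable = True
        expanded = USER_OPTS.get(opt) or (DEFAULTS if opt == "defaults" else (opt,))
        for o in expanded:
            if o == "nouser":
                user_mountable = False
            elif o in state:
                state[o] = True
            elif o.startswith("no") and o[2:] in state:
                state[o[2:]] = False
    return user_mountable, state

def audit(fstab_text):
    """Return [(mountpoint, flags)] for user-mountable entries with suid/dev on."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 4:
            continue
        user_mountable, state = effective_flags(fields[3])
        risky = [f for f in ("suid", "dev") if state[f]]
        if user_mountable and risky:
            findings.append((fields[1], risky))
    return findings
```

On the sample, `audit(SAMPLE_FSTAB)` flags `/mnt/floppy` (a trailing `suid` re-enables set-id bits) and `/mnt/usb` (a trailing `dev` re-enables device nodes), while the CD-ROM entry is clean because `user` alone implies `nosuid` and `nodev`.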