Yet another Linux on the desktop article

Jason Clinton me at jasonclinton.com
Thu Aug 12 03:54:13 CDT 2004


Monty J. Harder wrote:

>  If I make a setuid root bash and put it in a tarball, then try untarring
>it on your machine, tar simply changes the owner of the file to be that of
>the logged-in user.  It ought to be possible to do automount that does
>similar, or perhaps refuses to recognize executable bit on non-directories.
>
Perhaps I should just post an entire copy of the mount man page since we
keep revisiting it. Well, here's the relevant section, anyways:

-o     Options are specified with a -o flag followed by a comma
       separated string of options.  Some of these options are only
       useful when they appear in the /etc/fstab file.  The following
       options apply to any file system that is being mounted (but not
       every file system actually honors them - e.g., the sync option
       today has effect only for ext2, ext3 and ufs):

... ... ...

       noauto Can only be mounted explicitly (i.e., the -a option will
              not cause the file system to be mounted).

       nodev  Do not interpret character or block special devices on
              the file system.

       noexec Do not allow execution of any binaries on the mounted
              file system.  This option might be useful for a server
              that has file systems containing binaries for
              architectures other than its own.

       nosuid Do not allow set-user-identifier or set-group-identifier
              bits to take effect. (This seems safe, but is in fact
              rather unsafe if you have suidperl(1) installed.)

       nouser Forbid an ordinary (i.e., non-root) user to mount the
              file system.  This is the default.

... ... ...
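
An added example, not part of the original post: a small audit that reads mount-table text in /proc/mounts format and reports mounts that lack the nosuid or nodev options quoted above. The sample table, the function names and the /media/ and /mnt/ prefixes are assumptions made for the illustration.

```python
import re

# Options from the mount(8) excerpt that neutralise setuid bits and device nodes.
REQUIRED = ("nosuid", "nodev")

# Constructed sample in /proc/mounts format:
# device, mount point, fs type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sdb1 /media/usb vfat rw,nosuid,nodev,noexec 0 0
/dev/sdc1 /media/My\\040Disk ext2 rw,nodev 0 0
/dev/cdrom /mnt/cdrom iso9660 ro 0 0
"""


def unescape(field):
    """Decode the \\ooo octal escapes /proc/mounts uses for space, tab, etc."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def missing_options(mounts_text, prefixes=("/media/", "/mnt/")):
    """Return {mount point: [missing options]} for mounts under the prefixes.

    The prefixes are an assumption about where removable media is mounted.
    """
    findings = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # not a complete mount entry
        mountpoint = unescape(fields[1])
        if not mountpoint.startswith(prefixes):
            continue
        opts = set(fields[3].split(","))
        missing = [opt for opt in REQUIRED if opt not in opts]
        if missing:
            findings[mountpoint] = missing
    return findings


if __name__ == "__main__":
    for mountpoint, missing in missing_options(SAMPLE_MOUNTS).items():
        print(f"{mountpoint}: missing {','.join(missing)}")
```

To check a live system, pass the contents of /proc/mounts to missing_options() instead of the sample.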




