[CentOS] why does automounting removable media always have options nodev, noexec, nosuid?

2010-09-15 Thread Robert P. J. Day

  i'm experimenting with some basic removable media mounting
exercises for an upcoming class, and i read that, while you can use
gconf-editor to change some of the mount options in cases like that,
there is no way to override the mount options of nodev, noexec and
nosuid.  for example, that claim is made here (admittedly for fedora,
but it appears to be true for centos as well):

  http://scrolls.mafgani.net/2007/03/gnome-automount-options/

is there somewhere that one could see and verify that those options
always hold for mountable filesystems on removable media?  thanks.

rday

-- 


Robert P. J. Day   Waterloo, Ontario, CANADA

Top-notch, inexpensive online Linux/OSS/kernel courses
http://crashcourse.ca

Twitter:   http://twitter.com/rpjday
LinkedIn:   http://ca.linkedin.com/in/rpjday

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] why does automounting removable media always have options nodev, noexec, nosuid?

2010-09-15 Thread Matthew Miller
On Wed, Sep 15, 2010 at 03:09:39PM -0400, Robert P. J. Day wrote:
>   i'm experimenting with some basic removable media mounting
> exercises for an upcoming class, and i read that, while you can use
> gconf-editor to change some of the mount options in cases like that,
> there is no way to override the mount options of nodev, noexec and
> nosuid.  for example, that claim is made here (admittedly for fedora,
> but it appears to be true for centos as well):
>
>   http://scrolls.mafgani.net/2007/03/gnome-automount-options/
>
> is there somewhere that one could see and verify that those options
> always hold for mountable filesystems on removable media?  thanks.

I'm sure you could look in the source for verification.

But as for *why*: if you could mount removable media with suid executables
or device files, in order to get root access on a system, all you'd need to
do is make a filesystem containing a setuid root shell. Or a world rw
/dev/sda.

-- 
Matthew Miller   mat...@mattdm.org  http://mattdm.org/


Re: [CentOS] why does automounting removable media always have options nodev, noexec, nosuid?

2010-09-15 Thread Dave
On Wed, Sep 15, 2010 at 9:09 AM, Robert P. J. Day rpj...@crashcourse.ca wrote:

>  i'm experimenting with some basic removable media mounting
> exercises for an upcoming class, and i read that, while you can use
> gconf-editor to change some of the mount options in cases like that,
> there is no way to override the mount options of nodev, noexec and
> nosuid.  for example, that claim is made here (admittedly for fedora,
> but it appears to be true for centos as well):
>
>  http://scrolls.mafgani.net/2007/03/gnome-automount-options/
>
> is there somewhere that one could see and verify that those options
> always hold for mountable filesystems on removable media?  thanks.


This question is different from the one in your subject header. These mount
options are 'security features', make crackers jump through another hoop.
They can be undone with a mount -o remount. I don't know the answer to your
second question about where the defaults are set/displayed.
TDB


Re: [CentOS] why does automounting removable media always have options nodev, noexec, nosuid?

2010-09-15 Thread Matthew Miller
On Wed, Sep 15, 2010 at 10:26:12AM -1000, Dave wrote:
> This question is different from the one in your subject header. These
> mount options are 'security features', make crackers jump through another
> hoop. They can be undone with a mount -o remount.

If one can jump through that hoop, one already has root and doesn't need to.

-- 
Matthew Miller   mat...@mattdm.org  http://mattdm.org/
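
Added example, not part of any message in this thread: one way to check what the thread asks about, by reading a mount table in /proc/mounts layout and listing removable-media mounts that lack nodev, noexec or nosuid. The /media/ prefix, the helper name audit_mounts and the sample table are assumptions made for this example.

```shell
#!/bin/sh
# Added example: flag removable-media mounts lacking nodev, noexec or nosuid.
# Input uses the /proc/mounts layout: device mountpoint fstype options dump pass

# Constructed sample mount table (not captured from a real system).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sdb1 /media/USBSTICK vfat rw,nosuid,nodev,noexec,uid=500 0 0
/dev/sdc1 /media/BACKUP ext3 rw,nosuid,nodev 0 0
/dev/sr0 /media/cdrom iso9660 ro,nosuid,nodev,noexec 0 0
/dev/sdd1 /media/My\040Disk ext3 rw 0 0'

# audit_mounts PREFIX  (hypothetical helper name)
# Reads a mount table on stdin and, for each mount point that starts with
# PREFIX, prints "<mountpoint> missing:<options>" if any of the three
# options is absent. Mounts carrying all three produce no output.
audit_mounts() {
    awk -v prefix="$1" '
        BEGIN { nreq = split("nodev noexec nosuid", req, " ") }
        index($2, prefix) == 1 {
            split("", have)                  # reset the per-line option set
            n = split($4, opts, ",")         # exact option names, not substrings
            for (i = 1; i <= n; i++) have[opts[i]] = 1
            missing = ""
            for (j = 1; j <= nreq; j++)
                if (!(req[j] in have))
                    missing = missing (missing == "" ? "" : ",") req[j]
            if (missing != "") print $2 " missing:" missing
        }'
}

# Audit the constructed sample. On a live system:
#   audit_mounts /media/ < /proc/mounts
# /proc/mounts writes a space inside a mount point as \040; it is kept as-is.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts /media/
```

/proc/mounts reports the flags currently in effect, so a mount whose options were changed with mount -o remount is reported as well.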