* nfsv4 mount with noexec
@ 2013-06-01 11:33 William Dauchy
2013-06-02 20:56 ` Myklebust, Trond
0 siblings, 1 reply; 3+ messages in thread
From: William Dauchy @ 2013-06-01 11:33 UTC (permalink / raw)
To: Trond Myklebust; +Cc: Linux NFS mailing list
Hello,
I've been testing a nfsv4 client based on a 3.8.13 kernel with the
following additional patches:
a3c3cac SUNRPC: Prevent an rpc_task wakeup race
f448bad NFSv4: Fix a thinko in nfs4_try_open_cached
eb54d43 NFS: Fix security flavor negotiation with legacy binary mounts
the mount options are:
type nfs4
rw,nosuid,nodev,noexec,noatime,nodiratime,vers=4.0,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,local_lock=none
Even with the noexec option, I'm still able to execute local binaries
on the mounted file system.
Am I wrong on something? I didn't had the issue on a 3.4.x
Regards,
--
William
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: nfsv4 mount with noexec
2013-06-01 11:33 nfsv4 mount with noexec William Dauchy
@ 2013-06-02 20:56 ` Myklebust, Trond
2013-06-02 23:05 ` William Dauchy
0 siblings, 1 reply; 3+ messages in thread
From: Myklebust, Trond @ 2013-06-02 20:56 UTC (permalink / raw)
To: William Dauchy; +Cc: Linux NFS mailing list, linux-fsdevel@vger.kernel.org
On Sat, 2013-06-01 at 13:33 +0200, William Dauchy wrote:
> Hello,
>
> I've been testing a nfsv4 client based on a 3.8.13 kernel with the
> following additional patches:
> a3c3cac SUNRPC: Prevent an rpc_task wakeup race
> f448bad NFSv4: Fix a thinko in nfs4_try_open_cached
> eb54d43 NFS: Fix security flavor negotiation with legacy binary mounts
>
> the mount options are:
> type nfs4
> rw,nosuid,nodev,noexec,noatime,nodiratime,vers=4.0,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,local_lock=none
>
> Even with the noexec option, I'm still able to execute local binaries
> on the mounted file system.
> Am I wrong on something? I didn't had the issue on a 3.4.x
The mount level flags such as 'nosuid', 'nodev' and 'noexec' are
supposed to be enforced by the VFS, and not by the NFS code. The check
is supposedly done in fs/exec.c:open_exec() after the file has been
opened by the filesystem.
Does 'cat /proc/mounts' actually show the noexec option being applied to
the mountpoint by the kernel?
--
Trond Myklebust
Linux NFS client maintainer
NetApp
Trond.Myklebust@netapp.com
www.netapp.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: nfsv4 mount with noexec
2013-06-02 20:56 ` Myklebust, Trond
@ 2013-06-02 23:05 ` William Dauchy
0 siblings, 0 replies; 3+ messages in thread
From: William Dauchy @ 2013-06-02 23:05 UTC (permalink / raw)
To: Myklebust, Trond; +Cc: Linux NFS mailing list, linux-fsdevel@vger.kernel.org
On Sun, Jun 2, 2013 at 10:56 PM, Myklebust, Trond
<Trond.Myklebust@netapp.com> wrote:
> The mount level flags such as 'nosuid', 'nodev' and 'noexec' are
> supposed to be enforced by the VFS, and not by the NFS code. The check
> is supposedly done in fs/exec.c:open_exec() after the file has been
> opened by the filesystem.
>
> Does 'cat /proc/mounts' actually show the noexec option being applied to
> the mountpoint by the kernel?
arg I mixed the original mount point and a binded mount point.
Sorry for the noise,
--
William
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-06-02 23:05 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-06-01 11:33 nfsv4 mount with noexec William Dauchy
2013-06-02 20:56 ` Myklebust, Trond
2013-06-02 23:05 ` William Dauchy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).