svn commit: r41813 - head/en_US.ISO8859-1/books/handbook/basics
Eitan Adler
eadler at freebsd.org
Mon Jun 3 21:25:08 UTC 2013
On 3 June 2013 16:24, Chris Rees <utisoft at gmail.com> wrote:
>
> On 3 Jun 2013 13:50, "Eitan Adler" <eadler at freebsd.org> wrote:
>>
>> On 3 June 2013 13:55, Tom Rhodes <trhodes at freebsd.org> wrote:
>> > On Sat, 1 Jun 2013 15:44:45 +0000 (UTC)
>> > Eitan Adler <eadler at FreeBSD.org> wrote:
>> >
>> >> Author: eadler
>> >> Date: Sat Jun 1 15:44:45 2013
>> >> New Revision: 41813
>> >> URL: http://svnweb.freebsd.org/changeset/doc/41813
>> >>
>> >> Log:
>> >> The man page for mount(1) and the handbook disagree on the security
>> >> value of 'noexec'. The man page is correct.
>> >>
>> >> Modified:
>> >> head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
>> >>
>> >> Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
>> >>
>> >> ==============================================================================
>> >> --- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Sat Jun
>> >> 1 15:37:57 2013 (r41812)
>> >> +++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Sat Jun
>> >> 1 15:44:45 2013 (r41813)
>> >> @@ -1790,15 +1790,6 @@ root 5211 0.0 0.2 3620 1724 2
>> >>
>> >> <variablelist>
>> >> <varlistentry>
>> >> - <term>noexec</term>
>> >> -
>> >> - <listitem>
>> >> - <para>Do not allow execution of binaries on this file
>> >> - system. This is also a useful security option.</para>
>> >> - </listitem>
>> >> - </varlistentry>
>> >> -
>> >> - <varlistentry>
>> >> <term>nosuid</term>
>> >>
>> >> <listitem>
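Review bot: Deleting the whole noexec <varlistentry> goes further than the log message requires. The log only disputes the security value, which is the second sentence of the removed <para> ("This is also a useful security option."); the first sentence ("Do not allow execution of binaries on this file system.") makes no security claim and is lost along with it. Consider keeping the <term> and the first sentence and dropping or rewording only the second, so the handbook still documents the option and no longer disagrees with mount(1).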
>> >
>> > Why not fix rather than remove?
>>
>> This is not really a 'common' mount option to use.
>
> I use it on /tmp all the time; isn't it a nice thing to explain?

It is useful to avoid mistakes, as the man page says: 'This option is
useful for a server that has file systems containing binaries for
architectures other than its own.'

I think explaining noatime is more important than explaining noexec.

That said, this is a bikeshed argument. Please feel free to add a
proper explanation of when noexec should be used. I will have no
objection to that.

--
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams