On Tuesday 31 July 2007, Zack Weinberg wrote:
> On 7/30/07, Wolfgang Walter <[EMAIL PROTECTED]> wrote:
> > I don't think this is the right thing to do, and I really doubt the kernel
> > will be changed. Ignoring the noexec option for device files is not only a
> > visible change for userspace but it is a rather dangerous one.
>
> Could you expand on that, please? I admit I haven't done much work on
> programs that have anything to do with device files, but neither half
> of your assertion is obvious to me.
>

Today the kernel honors the noexec mount option for device files. And of course userspace can depend on that restriction. And sometimes this may be important. If you mounted a filesystem noexec because you did not want device files to be mapped PROT_EXEC now they suddenly were (maybe in a carefully arranged environment).

Regards,
-- 
Wolfgang Walter
Studentenwerk München
Anstalt des öffentlichen Rechts
Leiter EDV
Leopoldstraße 15
80802 München
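An added example, not part of the original message or of any kernel code: a small C check that reports, for each path given (a device node or a regular file), whether its mount carries noexec and whether the kernel accepts a PROT_EXEC mapping of it. The function names are hypothetical, and the check assumes Linux, where a refused mapping fails with EPERM or EACCES.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc exposes ST_NOEXEC only with this */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8            /* Linux value, used if the header hid it */
#endif

/* 1 if the filesystem holding `path` is mounted noexec, 0 if not, -1 on error. */
int mount_is_noexec(const char *path)
{
    struct statvfs sv;
    if (statvfs(path, &sv) != 0)
        return -1;
    return (sv.f_flag & ST_NOEXEC) ? 1 : 0;
}

/* 1 if a PROT_EXEC mapping succeeds, 0 if refused (EPERM/EACCES), -1 otherwise. */
int exec_map_allowed(const char *path)
{
    /* Opening a device node can have side effects; pick test paths with care. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    int saved = errno;         /* keep mmap's errno across close() */
    close(fd);
    if (p != MAP_FAILED) {
        munmap(p, len);
        return 1;
    }
    return (saved == EPERM || saved == EACCES) ? 0 : -1;
}

/* 1 if `path` is on a noexec mount yet could still be mapped executable. */
int noexec_bypassed(const char *path)
{
    return mount_is_noexec(path) == 1 && exec_map_allowed(path) == 1;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: noexec=%d exec_map=%d\n", argv[i], mount_is_noexec(argv[i]), exec_map_allowed(argv[i]));
    return 0;
}
```

A result of `noexec=1 exec_map=1` for any path would mean the restriction described in the message is not being enforced on that system.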