Bug 136191

Summary: mount options order is wrong for fstab-sync
Product: [Fedora] Fedora
Reporter: David Zeuthen <davidz>
Component: hal
Assignee: David Zeuthen <davidz>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: rawhide
CC: mclasen, vader
Keywords: EasyFix
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-10-19 01:35:22 UTC
Bug Blocks: 123268

Description David Zeuthen 2004-10-18 17:32:01 UTC
Description of problem:

fstab-sync should put 'pamconsole', 'user', 'users' and possibly other
mount options first. This is due to the fact that mount(1) needs to
have e.g. 'exec' after e.g. 'user' because 'user' implies 'noexec'.
See the manual page for mount(1) for details.

Version-Release number of selected component (if applicable):

hal-0.4.0-3

Comment 1 Michal Jaegermann 2004-10-18 18:12:49 UTC
'man fstab-sync' does not seem to mention explicitly how an order of
options in, possibly, system administrator edited files translates
on generated option lines in /etc/fstab; if such relationship indeed
exists even if it should and should be clearly specified.

I would also think that a default 'noexec' is vastly preferable
in general to an 'exec' mount option and relaxing that should be left
to a sysadmin of a given system.

'man fstab-sync' should also stress that changes need to be _appended_
to other options and explicitly explain how to achieve that effect.

Comment 2 David Zeuthen 2004-10-19 01:35:22 UTC
Issue should be fixed in hal-0.4.0-4.

> 'man fstab-sync' does not seem to mention explicitly how an order of
> options in, possibly, system administrator edited files translates
> on generated option lines in /etc/fstab; if such relationship indeed
> exists even if it should and should be clearly specified.

By reviewing the source code for mount(1) in util-linux one will find
that the only requirement on the order is that 'user', 'users',
'pamconsole' and 'defaults' need to come before others as they imply
other options. Note that these four are, for all practical purposes,
mutually exclusive so the ordering between them is not necessary to
take into account. Also note that the syscall mount(2) doesn't use
ordering as mount options are given as a union of bits.

> I would also think that a default 'noexec' is vastly preferable
> in general to an 'exec' mount option and relaxing that should be
> left to a sysadmin of a given system.

You will have to file another bug to discuss this in. I don't really
see any attack scenario though; what prevents Mallory from copying a
file to his home directory and chmod a+x it?
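
The ordering rule discussed in Comment 2, as an added example that is not part of the bug thread and not code from hal, fstab-sync or util-linux: it resolves an option line left to right, reorders it the way the fix describes, and reports explicit settings that a later 'user'-style option overrides. Treating 'pamconsole' like 'user', and 'defaults' as changing no flag, are assumptions of this model; all function names are hypothetical.

```python
# Added illustration; not code from hal, fstab-sync or util-linux.
TOGGLES = ("exec", "suid", "dev")
# mount(8): 'user' and 'users' imply noexec, nosuid and nodev unless a later
# option overrides them. Treating 'pamconsole' the same way is an ASSUMPTION.
RESTRICTING = ("user", "users", "pamconsole")
# Options Comment 2 says must come first. 'defaults' changes no flag in this
# model (assumption); it is only reordered.
FIRST = RESTRICTING + ("defaults",)


def split_options(option_line):
    return [o.strip() for o in option_line.split(",") if o.strip()]


def effective_flags(option_line):
    """Resolve an option line left to right; the last setting of a flag wins."""
    flags = dict.fromkeys(TOGGLES, True)
    for opt in split_options(option_line):
        if opt in RESTRICTING:
            flags.update(dict.fromkeys(TOGGLES, False))
        elif opt in TOGGLES:
            flags[opt] = True
        elif opt.startswith("no") and opt[2:] in TOGGLES:
            flags[opt[2:]] = False
    return flags


def implying_first(option_line):
    """Stable reorder: options in FIRST lead, the rest keep their order."""
    opts = split_options(option_line)
    return ",".join([o for o in opts if o in FIRST] +
                    [o for o in opts if o not in FIRST])


def overridden(option_line):
    """Explicit exec/suid/dev settings that do not survive to the final flags."""
    final = effective_flags(option_line)
    lost = []
    for opt in split_options(option_line):
        name, want = (opt[2:], False) if opt.startswith("no") else (opt, True)
        if name in TOGGLES and final[name] != want and opt not in lost:
            lost.append(opt)
    return lost


if __name__ == "__main__":
    for line in ("exec,user,sync", "user,exec,sync"):  # constructed samples
        print(line, effective_flags(line), overridden(line))
```

Running `overridden()` over each option field of a generated /etc/fstab gives a quick check that no explicit setting was silently dropped by ordering.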

Comment 3 Need Real Name 2005-01-13 05:19:29 UTC
Because "Mallory's" home directory is ALSO mounted noexec.