Bug 136191 - mount options order is wrong for fstab-sync
mount options order is wrong for fstab-sync
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: hal (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Zeuthen
: EasyFix
Depends On:
Blocks: FC3Target
  Show dependency treegraph
 
Reported: 2004-10-18 13:32 EDT by David Zeuthen
Modified: 2013-03-05 22:41 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-18 21:35:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Zeuthen 2004-10-18 13:32:01 EDT
Description of problem:

fstab-sync should put 'pamconsole', 'user', 'users' and possibly other
mount options first. This is due to the fact that mount(1) needs to
have e.g. 'exec' after e.g. 'user' because 'user' implies 'noexec'.
See the manual page for mount(1) for details.

Version-Release number of selected component (if applicable):

hal-0.4.0-3
Comment 1 Michal Jaegermann 2004-10-18 14:12:49 EDT
'man fstab-sync' does not seem to mention explicitely how an order of
options in, possibly, system administrator edited files translates
on generated option lines in /etc/fstab; if such relationship indeed
exists even if it should and should be clearly specified.

I would also think that a default 'noexec' is vastly preferable
in general to an 'exec' mount option and relaxing that should be left
to a sysadmin of a given system.

'man fstab-sync' should also stress that changes need to be _appended_
to other options and explicitly explain how to achieve that effect.
Comment 2 David Zeuthen 2004-10-18 21:35:22 EDT
Issue Should be fixed in hal-0.4.0-4.

> 'man fstab-sync' does not seem to mention explicitely how an order of
> options in, possibly, system administrator edited files translates
> on generated option lines in /etc/fstab; if such relationship indeed
> exists even if it should and should be clearly specified.

By reviewing the source code for mount(1) in util-linux one will find
that the only requirement on the order is that 'user', 'users',
'pamconsole' and 'defaults' needs to come before others as they other
imply options. Note that these four are, for all practical purposes,
mutually exclusive so the ordering between them is not neccessary to
take into account. Also note that the syscall mount(2) doesn't use
ordering as mount options is given as a union of bits.

> I would also think that a default 'noexec' is vastly preferable
> in general to an 'exec' mount option and relaxing that should be
> left to a sysadmin of a given system.

You will have to file another bug to discuss this in. I don't really
see any attack scenario though; what prevents Mallory from copying a
file to his home directory and chmod a+x it?
Comment 3 Need Real Name 2005-01-13 00:19:29 EST
Because "Mallory's" home directory is ALSO mounted noexec.

Note You need to log in before you can comment on or make changes to this bug.