Bug 136191 - mount options order is wrong for fstab-sync
Summary: mount options order is wrong for fstab-sync
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: hal
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Zeuthen
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC3Target
TreeView+ depends on / blocked
 
Reported: 2004-10-18 17:32 UTC by David Zeuthen
Modified: 2013-03-06 03:41 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-10-19 01:35:22 UTC


Attachments (Terms of Use)

Description David Zeuthen 2004-10-18 17:32:01 UTC
Description of problem:

fstab-sync should put 'pamconsole', 'user', 'users' and possibly other
mount options first. This is due to the fact that mount(1) needs to
have e.g. 'exec' after e.g. 'user' because 'user' implies 'noexec'.
See the manual page for mount(1) for details.

Version-Release number of selected component (if applicable):

hal-0.4.0-3

Comment 1 Michal Jaegermann 2004-10-18 18:12:49 UTC
'man fstab-sync' does not seem to mention explicitely how an order of
options in, possibly, system administrator edited files translates
on generated option lines in /etc/fstab; if such relationship indeed
exists even if it should and should be clearly specified.

I would also think that a default 'noexec' is vastly preferable
in general to an 'exec' mount option and relaxing that should be left
to a sysadmin of a given system.

'man fstab-sync' should also stress that changes need to be _appended_
to other options and explicitly explain how to achieve that effect.

Comment 2 David Zeuthen 2004-10-19 01:35:22 UTC
Issue Should be fixed in hal-0.4.0-4.

> 'man fstab-sync' does not seem to mention explicitely how an order of
> options in, possibly, system administrator edited files translates
> on generated option lines in /etc/fstab; if such relationship indeed
> exists even if it should and should be clearly specified.

By reviewing the source code for mount(1) in util-linux one will find
that the only requirement on the order is that 'user', 'users',
'pamconsole' and 'defaults' needs to come before others as they other
imply options. Note that these four are, for all practical purposes,
mutually exclusive so the ordering between them is not neccessary to
take into account. Also note that the syscall mount(2) doesn't use
ordering as mount options is given as a union of bits.

> I would also think that a default 'noexec' is vastly preferable
> in general to an 'exec' mount option and relaxing that should be
> left to a sysadmin of a given system.

You will have to file another bug to discuss this in. I don't really
see any attack scenario though; what prevents Mallory from copying a
file to his home directory and chmod a+x it?

Comment 3 Need Real Name 2005-01-13 05:19:29 UTC
Because "Mallory's" home directory is ALSO mounted noexec.


Note You need to log in before you can comment on or make changes to this bug.