Description of problem: I edited /usr/share/hal/fdi/policy/10osvendor/20-storage-methods.fdi to remove the two lines that contained noexec as valid mount options. If I understand correctly, not having "noexec" as a valid option should cause it to not be applied. After I inserted a usb key, it still got mounted as noexec, based on the shell script /usr/share/hal/scripts/hal-system-storage-mount which mounts with noexec. I have restarted my machine (yes, this means hal) and the problem persists. hal-0.5.7-3 Davidz suggests I file this as a security bug.
Right, I did suggest to file this as a security bug just in case. However, the effect is that noexec always gets applied and that was intended back then when I wrote the /usr/share/hal/scripts/hal-system-storage-mount script - in fact just to be on the safe side we always append noexec,nosuid,nodev. (btw, in upstream hal this rather fragile (yet secure I'd argue) script is replaced by C code using glib and I feel a lot more confident that way) I agree with you insofar that the right answer here is to allow both 'exec' and 'noexec' and make e.g. gnome-mount uses 'noexec' as default and 'exec' for fixing the autorun case (which you filed as bug 188092)... This is relaxing things a little bit but, really, noexec never really made things secure as users could always move files to /tmp or $HOME and chmod a+x said file. Surely we still want to apply nodev and nosuid. So there is no security issue here. I'm adjusting this bug to remove the security senstive flags etc. I have made a note to fix this upstream. Patches against HAL CVS HEAD welcome.
This can be closed now I think.
(see explanation in bug 188092 for details)