Hide Forgot
Please implement a system-wide option that could enforce using the "noexec" option on all mounts by unprivileged users. On desktop systems, the "noexec" option can protect users against mistakenly running applications. On high-security systems, system policy may forbid running binaries that were not installed by the system administrator, and such policies are required by some industry standards. On systems with such policies, /tmp and /home may be also mounted "noexec", or an auditing mechanism can be used to watch violations of this policy; the ability of an user to mount an external volume that contains executables would bypass these measures. Currently the only option seems to be configuring PolicyKit to completely forbid mounting of removable media by unprivileged users, which results in a significant loss of functionality.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. It has been proposed for the next release. If you would like it considered as an exception in the current release, please ask your support representative.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate, in the next release of Red Hat Enterprise Linux.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1336.html