Bug 81206 - sys-apps/hal-0.4.7: /usr/share/hal/fdi/90defaultpolicy/storage-policy.fdi should set devices noexec by default.
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High minor
Assignee: Project Gentopia
Reported: 2005-02-08 01:06 UTC by Sundance
Modified: 2005-12-29 22:31 UTC

Description Sundance 2005-02-08 01:06:39 UTC
In HAL 0.4.7 (and probably earlier versions as well), the file /usr/share/hal/fdi/90defaultpolicy/storage-policy.fdi, which defines the mount options used to attach removable media to the filesystem, sets the 'exec' option on the media by default. For security reasons, this is not a very good idea, and the following micropatch may need applying:

--- storage-policy.fdi  2005-02-08 10:04:15.712243769 +0100
+++ storage-policy.fdi.safe     2005-02-08 10:04:06.608035379 +0100
@@ -15 +15 @@
-      <merge key="storage.policy.default.mount_option.exec" type="bool">true</merge>
+      <merge key="storage.policy.default.mount_option.noexec" type="bool">true</merge>
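Review bot: The replacement at line 15 renames the key from `storage.policy.default.mount_option.exec` to `storage.policy.default.mount_option.noexec` and keeps the value `true`, but nothing in the patch shows that a `noexec` key is one the policy consumer acts on. Please confirm that, or state it in the description, because if the key is not recognised the result is that neither option is set rather than noexec being applied. The hunk also carries no context lines (`@@ -15 +15 @@`) and the file headers have no directory component, so it applies purely by line number; regenerating it with `diff -u` from the package root, with context, would keep it applicable if the file shifts.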

Reproducible: Always
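Added example, not part of the original report or of HAL: a small Python check that reads an .fdi policy file and reports whether its default mount options leave media executable, run on the line before and after the proposed change. Only the two `<merge>` lines come from the report; the enclosing `<deviceinfo>`/`<device>` elements and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

PREFIX = "storage.policy.default.mount_option."

# Constructed wrapper: the <deviceinfo>/<device> nesting is assumed for
# illustration; only the <merge> lines below are quoted from the report.
TEMPLATE = """<deviceinfo version="0.2">
  <device>
    {line}
  </device>
</deviceinfo>"""

BEFORE = TEMPLATE.format(
    line='<merge key="storage.policy.default.mount_option.exec" type="bool">true</merge>')
AFTER = TEMPLATE.format(
    line='<merge key="storage.policy.default.mount_option.noexec" type="bool">true</merge>')


def default_mount_options(fdi_text):
    """Return {option: bool} for every boolean default mount option merged."""
    options = {}
    for merge in ET.fromstring(fdi_text).iter("merge"):
        key = merge.get("key", "")
        if key.startswith(PREFIX) and merge.get("type") == "bool":
            # A later <merge> of the same key replaces an earlier one here.
            value = (merge.text or "").strip().lower() == "true"
            options[key[len(PREFIX):]] = value
    return options


def exec_findings(options):
    """List the reasons the policy leaves mounted media executable."""
    findings = []
    if options.get("exec"):
        findings.append("exec is enabled by default")
    if not options.get("noexec"):
        findings.append("noexec is not set by default")
    return findings


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        findings = exec_findings(default_mount_options(text))
        print(label, "->", findings or "no exec findings")
```
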
Comment 1 Mike Gardiner (RETIRED) gentoo-dev 2005-09-14 22:07:57 UTC
Hmm, not sure about this - foser?
Comment 2 Doug Goldstein (RETIRED) gentoo-dev 2005-12-29 22:31:11 UTC
Actually I disagree and this has been discussed on the HAL mailing list AFAIK and they too disagreed.

So I'm closing out the issue. It's been present in all HAL versions. I would take it up with UPSTREAM if you want it changed.