Add verbiage to the description of the noexec mount option clarifying
that it really wasn't intended as a security feature.

Wording mostly by: simon
Discussed with:	secteam
Colin Percival 2005-03-23 04:17:48 +00:00
parent 0cdbdea6e4
commit 18a3dd1e34

@ -181,6 +181,11 @@ Disable write clustering.
Do not allow execution of any binaries on the mounted file system.
This option is useful for a server that has file systems containing
binaries for architectures other than its own.
Note: This option was not designed as a security feature and no
guarantee is made that it will prevent malicious code execution; for
example, it is still possible to execute scripts which reside on a
.Cm noexec
mounted partition.
.It Cm nosuid
Do not allow set-user-identifier or set-group-identifier bits to take effect.
Note: this option is worthless if a public available suid or sgid
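
Review bot: The example in the added note ("it is still possible to execute scripts which reside on a .Cm noexec mounted partition") gives no reason, so a reader cannot tell what the option does and does not cover. Suggest saying that the option only refuses direct execution of files on the mounted file system, and that an interpreter installed on another file system can still read a script there as ordinary input. Two style points in the same lines: "Note: This" is capitalized while the nosuid text just below uses "Note: this", and "mounted partition" should read "mounted file system" to match the first sentence of the entry.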