[linux-cifs-client] nosuid, noexec mount options
Steve French
smfltc at us.ibm.com
Wed Feb 11 23:21:24 GMT 2004
Support for noexec and nosuid has been added to the current mount.cifs.c
mount helper code (now called version 1.1 of mount.cifs) the and tested
with current 2.6 kernel code and cifs vfs (should be fine with 2.4 as
well) to verify that files that were "chmod +s" behaved as expected
depending on who the local user was and what the suid/nosuid setting was
on the mount command.
This is an important security feature in some environents and a similar
fix needs to be made to smbfs. I have not looked into smbmnt enough to
see if the change would be easy for that as well (I suspect so) but will
check whether Urban to see whether something similar is needed.
These two mount options allow the user who performs the mount to
restrict the ability of the local system to execute programs located on
cifs mounted servers.
Other mount options (such as nodev) have been added to the mounthelper
as well but need testing.
More information about the linux-cifs-client
mailing list