[Samba] noexec as CVE-2017-7494 mitigation

Klaus Hartnegg hartnegg at gmx.de
Fri May 26 08:19:48 UTC 2017

Am 24.05.2017 um 17:50 schrieb Jeremy Allison via samba:

> Here are some mitigation techniques from Red Hat in
> case servers cannot be patched immediately:

> 2. Mount the filessytem which is used by samba for its writeable share,
> using "noexec" option.

I would have expected this to be standard security precaution on all 
pure file servers (which is probably the most common use of Samba).

Should the Samba-Wiki tell so, or shouldn't all Linux admins be sane 
enough do already do this?

More information about the samba mailing list