From: David C. <li...@ed...> - 2004-07-01 08:34:15
On Thursday 01 July 2004 08:02, Primero wrote:
> On Wed, 30 Jun 2004 20:40:01 +0200, Erik de Bruijn
> > An important addition I believe:
> > I've mounted the root_fs and other files except for the kernel itself
> > in a noexec filesystem. The kernel is only executable and not
> > writable. HostFS is not compiled in the kernel.
> Ok, but if you mount your root_fs in nonexec partition this apply only
> to the "Host" system or also inside the "Guest" Machine? Since if it
> would be so how do you USE your UML?

As he's mentioned he's not using hostfs I'd assume this means that it's only nonexec on the host. Inside the UML, it's a filesystem so the files contained within it would have normal permissions.

As an aside, putting the root filesystem in a nonexec partition is only secure if the users don't have access to loopback mounting it somewhere else. This shouldn't be too much of a problem though, as normally only root can do it anyway.

David