FWIW (not much), I'm going to go with Chet on this. It may be my ignorance speaking, but what can I do in a BASH shell script which I cannot do (at all) just by entering the commands by hand?

On Wed, Dec 16, 2015 at 2:23 PM, Chet Ramey <chet.ra...@case.edu> wrote:

> On 12/14/15 12:17 AM, Mike Frysinger wrote:
>
> > (1) the examples i already provided do not involve the user at all, and
> > include systems where the user has no direct access to the shell.
>
> You didn't really provide any examples. You mentioned ChromeOS and vaguely
> referenced "other verified boot systems".
>
> If non-general-purpose systems is the set of systems for which this
> proposal is in scope, that changes the impact. Since you generally build
> custom versions for such systems, a configuration-time option to enable
> this behavior is more reasonable.
>
> > (2) choice over runtime functionality is by the sysadmin, not the user.
>
> In this case, or in general?
>
> > (3) i disagree over the scope of noexec. i think this is in-scope.
>
> I really don't agree that it's in the spirit of noexec.
>
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
> ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/

--
Schrodinger's backup: The condition of any backup is unknown until a restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! <><
John McKown