David Wright <[EMAIL PROTECTED]> writes: > Quoting Thomas Bushnell, BSG ([EMAIL PROTECTED]): > > Ian <[EMAIL PROTECTED]> writes: > > > so surely, if nothing needs to be executed, it is better to mount > > > noexec? > > > > noexec has no good purpose, really. But it's intention was for > > networked filesystems in certain environments, not a generalized > > security tool. > > It's very useful for mounting filesystems like vfat, where otherwise > all the files are marked executable which makes mc a PITA to use for > examining archive files (mc tries to execute them!).
Ah, interesting. ;) Of course, that isn't a security related reason. It would probably be better if vfat had a more clever way of marking them executable: perhaps it should look at the file to see whether the kernel *could* conceivable execute it.
