Displaying 20 results from an estimated 334 matches for "noexec".
2019 Sep 12
2
Fw: Btrfs Samba and Quotas
Hello Hendrik
Can you help input 2 commands 'mount' and 'df -TPh' on OMV,
and post the output to us, thank you.
--
Regards,
Jones Syue | ???
QNAP Systems, Inc.
2013 Jun 10
1
Re: libvirt_lxc and sysfs
...in container:
cat /proc/mounts
[root@Donkey /]# cat /proc/mounts
rootfs / rootfs rw 0 0
devpts /dev/pts devpts rw,nosuid,relatime,gid=5,mode=620,ptmxmode=666 0 0
devfs /dev tmpfs rw,nosuid,relatime,size=64k,mode=755 0 0
/dev/sdb2 / ext4 rw,relatime,data=ordered 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /proc/sys proc ro,relatime 0 0
sysfs /sys sysfs ro,relatime 0 0
libvirt /proc/meminfo fuse rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0
tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,relatime,size=64k,mode=755,uid=1000,gid=1000 0 0
cgroup /sys/fs/cgroup/cpu,cpu...
2019 Sep 12
0
Fw: Btrfs Samba and Quotas
...tmpfs 64M 0 64M 0%
/sharedfolders/docker_dir/containers/6ba835083cc278f2efc9ca822f30c802d67a064c8646c836b0bcb28be6de17b0/mounts/shm
r
mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs
(rw,nosuid,relatime,size=6084724k,nr_inodes=1521181,mode=755)
devpts on /dev/pts type devpts
(rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs
(rw,nosuid,noexec,relatime,...
2005 Sep 22
7
Mounting filesystems with "noexec"
Hello,
I've been playing a bit with the "noexec" flag for filesystems. It
can represent a substantial obstacle against the exploitation of
security holes.
However, I think it's not perfect yet.
First thing, an attempt to execute a program from a noexec-mounted
filesystem should be logged. It is either a very significant security...
2013 Sep 03
2
No valid cgroup for machine...
...ass this error?
offlinehacker:~/ $ virsh --debug 0 -c lxc:/// create o1.xml
create: file(optdata): o1.xml
error: Failed to create domain from o1.xml
error: internal error: No valid cgroup for machine c1
My cgroups seem to be mounted:
cgroup on /sys/fs/cgroup/systemd type cgroup
(rw,nosuid,nodev,noexec,relatime,release_agent=/run/current-system/systemd/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup
(rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup
(rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cg...
2017 Feb 26
1
error : Failed to switch root mount into slave mode: Permission denied
...arch ~]# uname -a
Linux arch 4.8.0-39-generic #42~16.04.1-Ubuntu SMP Mon Feb 20 15:06:07 UTC 2017 x86_64 GNU/Linux
[root@arch ~]# cat /proc/mounts
storage/lxd_root/containers/arch / zfs rw,noatime,xattr,posixacl 0 0
none /dev tmpfs rw,relatime,size=492k,mode=755 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /proc/sys/net proc rw,nosuid,nodev,noexec,relatime 0 0
proc /proc/sys proc ro,nosuid,nodev,noexec,relatime 0 0
proc /proc/sysrq-trigger proc ro,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs ro,nosuid,nodev,noexec,relatime 0...
2017 Oct 18
2
Can we disable write to /sys/fs/cgroup tree inside container ?
Hi all
Each lxc container on node have mounted tmpfs for cgroups tree:
[root-inside-lxc@tst1 ~]# mount | grep cgroups
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup
(rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/cpuset type cgroup
(rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/memory type cgroup
(rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup
(rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cg...
2012 Jun 07
1
noexec tmp directory
Hello,
I am fixing up a system for someone and they did not make a separate
partition for /tmp...but I want to make it noexec, nosuid.
I came across a site that said I could skip all the mount/unmount and
new partition stuff (which would probably include downsizing a lvm to
make room for it)... by adding this in fstab
/tmp /tmp bind nosuid,noexec,bind 0 0
and then reboot...
There is no /tmp in their fstab at the...
2013 Jun 10
2
Re: libvirt_lxc and sysfs
On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote:
> On 06/09/2013 08:14 PM, pr.G wrote:
> > Hello.
> >
> > Is it possible to start container via libvirt_lxc without mounting /sys
> > inside container?
> >
> > When I start container via lxc-start and do not add mount point to config,
> > then /sys inside container is empty.
> >
>
2020 Sep 25
2
Debian client/workstation pam_mount
...:76):
Sep 25 13:45:46 ubuntucliente lightdm[702]: (mount.c:76): In some
cases useful info is found in syslog - try
Sep 25 13:45:46 ubuntucliente lightdm[702]: (mount.c:76): dmesg |
tail or so.
Sep 25 13:45:46 ubuntucliente lightdm[702]: (mount.c:558): 22 27 0:21 /
/sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
Sep 25 13:45:46 ubuntucliente lightdm[702]: (mount.c:558): 23 27 0:4 /
/proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
Sep 25 13:45:46 ubuntucliente lightdm[702]: (mount.c:558): 24 27 0:6 / /dev
rw,nosuid,relatime shared:2 - devtmpfs udev
rw,size=99...
2017 Feb 15
4
Serious attack vector on pkcheck ignored by Red Hat
...d:
>> On Wed, 2017-02-15 at 09:47 -0600, Johnny Hughes wrote:
>> > 2. They already have shell access on the machine in question and they
>> > can already run anything in that shell that they can run via what you
>> > are pointing out.
>>
>> No, assuming noexec /home mounts all they can run is system binaries.
>
> noexec is not that big of a protection. On a normal CentOS system, you
> almost certainly have python installed (as well as likely other
> scripting languages such as perl), and they can be used to do just about
> anything compil...
2017 May 26
1
noexec as CVE-2017-7494 mitigation
Am 24.05.2017 um 17:50 schrieb Jeremy Allison via samba:
> Here are some mitigation techniques from Red Hat in
> case servers cannot be patched immediately:
> 2. Mount the filessytem which is used by samba for its writeable share,
> using "noexec" option.
I would have expected this to be standard security precaution on all
pure file servers (which is probably the most common use of Samba).
Should the Samba-Wiki tell so, or shouldn't all Linux admins be sane
enough do already do this?
2009 Jun 27
1
Re: Wine crashes with ~/.wine on mount point with noexec set ind
Sjors Gielen wrote:
> Then I noticed that the partition /dev/sdb2 was mounted noexec, so I
> umounted ~/.wine and /media/sdb2, remounted /dev/sdb2 with exec, and
> remounted ~/.wine - and it all worked again.
>
> This is with Wine 1.1.24. Has this always been behavior, or is it a
> regression somewhere?
Wine will not work / run programs from mount mounted with noex...
2017 Feb 15
3
Serious attack vector on pkcheck ignored by Red Hat
Hello Johnny,
On Wed, 2017-02-15 at 09:47 -0600, Johnny Hughes wrote:
> 2. They already have shell access on the machine in question and they
> can already run anything in that shell that they can run via what you
> are pointing out.
No, assuming noexec /home mounts all they can run is system binaries.
> 3. If they have access to a zeroday issue that give them root .. they
> can just use that via their shell that they already have (that you gave
> them, which they are using) to get root .. they therefore don't need to
> use this...
2009 Aug 24
2
Mounting /tmp nosuid,noexec
Does mounting /tmp as noexec,nosuid break anything in CentOS 5? I've been in
solaris land forever and a day and this is a pretty standard security
measure. I noticed CentOS comes default mounting /tmp with both those
options allowed.. I'm getting constant php hack attacks against (mostly
script kiddie level stuff right...
2020 Sep 25
3
Debian client/workstation pam_mount
Error on domain option !!
Sep 25 12:04:33 ubuntucliente lightdm[702]: (mount.c:664): Password will be
sent to helper as-is.
Sep 25 12:04:33 ubuntucliente lightdm[702]: command: 'mount' '-t' 'cifs'
'//domain-server2/FS_PRUEBA_3' '/home/prueba3/compartido' '-o'
'username=prueba3,uid=50006,gid=50027,username=prueba3,uid=50006,gid=50027,domain'
2020 Sep 24
1
helping whith pam_mount
...:22:21 ubuntucliente kernel: [ 1975.010067] CIFS VFS: cifs_mount
failed w/return code = -13
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:76): mount: cannot
mount //10.11.37.155/FS_PRUEBA_3 read-only
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 22 27 0:21 /
/sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 23 27 0:4 /
/proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
Sep 24 10:22:21 ubuntucliente lightdm[708]: (mount.c:558): 24 27 0:6 / /dev
rw,nosuid,relatime shared:2 - devtmpfs udev
rw,size=99...
2017 Feb 27
2
Redhat 7: cgroup CPUACCT controller is not mounted
...got the following error:
error: Failed to retrieve CPU statistics for domain 'MY_DOMAIN'
error: Requested operation is not valid: cgroup CPUACCT controller is not mounted
- I checked that cgroup is well mounted:
$ cat /proc/mounts | grep cgroup
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0 cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd 0 0 cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0 cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,...
2020 Sep 25
2
Debian client/workstation pam_mount
...:76):
Sep 25 10:00:15 ubuntucliente lightdm[702]: (mount.c:76): In some
cases useful info is found in syslog - try
Sep 25 10:00:15 ubuntucliente lightdm[702]: (mount.c:76): dmesg |
tail or so.
Sep 25 10:00:15 ubuntucliente lightdm[702]: (mount.c:558): 22 27 0:21 /
/sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
Sep 25 10:00:15 ubuntucliente lightdm[702]: (mount.c:558): 23 27 0:4 /
/proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
Sep 25 10:00:15 ubuntucliente lightdm[702]: (mount.c:558): 24 27 0:6 / /dev
rw,nosuid,relatime shared:2 - devtmpfs udev
rw,size=99...