author | Martin Natano <natano@cvs.openbsd.org> | 2016-10-06 21:00:01 +0000 |
---|---|---|
committer | Martin Natano <natano@cvs.openbsd.org> | 2016-10-06 21:00:01 +0000 |
commit | 9babffb950ad1ed3d3f1f7f7ba88b7eb948e370a (patch) | |
tree | 7b60fa3717b5b891f2d81549578e6720cffc3cd6 /sbin/mount/mount.8 | |
parent | 8c27114eb450538657497a598fbb1c8789be820b (diff) |
On noperm mount points honor the permissions of the root directory, so
access can be locked down.
ok deraadt tb
Diffstat (limited to 'sbin/mount/mount.8')
-rw-r--r-- | sbin/mount/mount.8 | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8 index 7a5109d2723..79fcff36172 100644 --- a/sbin/mount/mount.8 +++ b/sbin/mount/mount.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mount.8,v 1.87 2016/10/06 11:43:30 schwarze Exp $ +.\" $OpenBSD: mount.8,v 1.88 2016/10/06 21:00:00 natano Exp $ .\" $NetBSD: mount.8,v 1.11 1995/07/12 06:23:21 cgd Exp $ .\" .\" Copyright (c) 1980, 1989, 1991, 1993 @@ -204,6 +204,8 @@ directories in the mounted file system. This allows unprivileged users to construct a file hierarchy containing special device nodes and files with arbitrary file mode, owner or group without restriction. +Only the owner, group and mode of the root directory of the filesystem +will be honored so access to the filesystem can be locked down. The noperm option also enables the nodev and noexec options to ensure that interpretation of the file modes and special devices cannot be used to gain privileges. |
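Review bot: The two added lines in the second hunk (@@ -204,6 +204,8 @@) write "filesystem" as one word, while the unchanged context just above uses "mounted file system", so the new sentence should follow the page's existing spelling. The rest of the paragraph is in the present tense ("This allows", "also enables"), so "will be honored" reads better as "are honored", and a comma before "so" would separate the two clauses. Suggested wording: "Only the owner, group and mode of the root directory of the file system are honored, so access to the file system can be locked down." The preceding sentence still ends with "without restriction", which the new sentence now qualifies. Consider making the contrast explicit (for example, by starting the new sentence with "However,") so a reader does not take the paragraph to mean that noperm leaves the mount point open to every user.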