From: Eitan Adler
Date: Mon, 3 Jun 2013 23:24:38 +0200
Subject: Re: svn commit: r41813 - head/en_US.ISO8859-1/books/handbook/basics
To: Chris Rees
Cc: svn-doc-head@freebsd.org, Tom Rhodes, svn-doc-all@freebsd.org, doc-committers@freebsd.org

On 3 June 2013 16:24, Chris Rees wrote:
>
> On 3 Jun 2013 13:50, "Eitan Adler" wrote:
>>
>> On 3 June 2013 13:55, Tom Rhodes wrote:
>> > On Sat, 1 Jun 2013 15:44:45 +0000 (UTC)
>> > Eitan Adler wrote:
>> >
>> >> Author: eadler
>> >> Date: Sat Jun 1 15:44:45 2013
>> >> New Revision: 41813
>> >> URL: http://svnweb.freebsd.org/changeset/doc/41813
>> >>
>> >> Log:
>> >> The man page for mount(1) and the handbook disagree on the security
>> >> value of 'noexec'. The man page is correct.
>> >>
>> >> Modified:
>> >> head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
>> >>
>> >> Modified: head/en_US.ISO8859-1/books/handbook/basics/chapter.xml
>> >>
>> >> ==============================================================================
>> >> --- head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Sat Jun >> >> 1 15:37:57 2013 (r41812) >> >> +++ head/en_US.ISO8859-1/books/handbook/basics/chapter.xml Sat Jun >> >> 1 15:44:45 2013 (r41813)
>> >> @@ -1790,15 +1790,6 @@ root 5211 0.0 0.2 3620 1724 2 >> >> >> >> >> >> >> >> - noexec >> >> - >> >> - >> >> - Do not allow execution of binaries on this file >> >> - system. This is also a useful security option. >> >> - >> >> - >> >> - >> >> - >> >> nosuid >> >> >> >>
>> >
>> > Why not fix rather than remove?
>>
>> This is not really a 'common' mount option to use.
>
> I use it on /tmp all the time; isn't it a nice thing to explain?

It is useful to avoid mistakes as the man page says 'This option is useful for a server that has file systems containing binaries for architectures other than its own.'

I think explaining noatime is more important than explaining noexec.
That said, this is a bikeshed argument. Please feel free to add a proper explanation of when noexec should be used. I will have no objection to that.

-- 
Eitan Adler
Source, Ports, Doc committer
Bugmeister, Ports Security teams
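
Review bot: in the removed noexec entry of the @@ -1790,15 +1790,6 @@ hunk, only the second sentence ("This is also a useful security option.") is what the log message disputes; the first sentence, "Do not allow execution of binaries on this file system.", is not in question. Suggest keeping the entry and rewording only the security sentence, for example with the mount(1) text quoted in this thread, so the handbook's option list still documents noexec next to nosuid.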