
Re: [opensuse-security] Exec option for Encrypted Partition






The Thursday 2008-03-27 at 09:13 -0300, Alvin wrote:

> How can I set the execute option when mounting an encrypted partition? I am
> using openSUSE 10.3 and have created an encrypted partition using Yast.
>
> In 10.2, I simply added the 'exec' option to /etc/cryptotab. However, in 10.3
> encrypted partitions are done using a combination of /etc/crypttab
> and /etc/fstab files. I have tried adding 'exec' to the
> appropriate /etc/fstab entry, but that doesn't work.

I hadn't noticed before, but you are right.

I have one partition mounted via /etc/cryptotab, which is not "noexec":

mount:
/dev/mapper/cryptotab_loop0 on /cripta type xfs (rw,noatime,nodiratime)


The options I use in /etc/cryptotab  are:

/dev/loop0   /dev/disk/by-id/ata-ST3320620A_5QF2M56F-part15   /cripta xfs   twofish256   noatime,nodiratime


However, another partition mounted via "/etc/crypttab":

mycrypt_mm_f   /biggy/crypta_f.mm.x  none  cipher=twofish-cbc-plain,size=256,hash=sha512,noauto,loop

and /etc/fstab:

/dev/mapper/mycrypt_mm_f  /mnt/crypta.mm.x   xfs   noauto,user,noatime,nodiratime  1 4


is in fact mounted noexec, and nosuid and nodev:

mount:
/dev/mapper/mycrypt_mm_f on /mnt/crypta.mm.x type xfs (rw,noexec,nosuid,nodev,noatime,nodiratime)


I.e., something is specifying mount options we did not request.


-- Cheers,
       Carlos E. R.
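Added example, not part of the original message or of any openSUSE tool: mount(8) documents that the fstab options user and users imply noexec,nosuid,nodev (owner and group imply nosuid,nodev) unless a later option on the same line overrides them, which matches the flags in the second mount output above. The sketch below applies that left-to-right rule to an fstab options field; the second and third sample lines and the function names are constructed for illustration.

```python
# Added example: predict which of noexec/nosuid/nodev mount(8) leaves in force
# for an fstab options field. Rule taken from the mount(8) manual page:
# options are processed left to right and later ones override earlier ones.
IMPLIED = {
    "defaults": ("exec", "suid", "dev"),
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}

def effective_restrictions(options):
    """Return the restrictive flags still set after processing the option list."""
    state = {"exec": True, "suid": True, "dev": True}  # defaults without options
    for opt in options.split(","):
        opt = opt.strip()
        # Expand options that imply others; plain options stand for themselves.
        for tok in IMPLIED.get(opt, (opt,)):
            name = tok[2:] if tok.startswith("no") else tok
            if name in state:
                state[name] = not tok.startswith("no")
    return ["no" + n for n in ("exec", "suid", "dev") if not state[n]]

def audit_fstab(text):
    """Map each mount point in fstab-formatted text to its restrictive flags."""
    result = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # skip comments, blanks and malformed lines
        result[fields[1]] = effective_restrictions(fields[3])
    return result

# First line is the fstab entry quoted in the message; the other two are
# constructed variants showing that the position of 'exec' matters.
SAMPLE_FSTAB = """\
/dev/mapper/mycrypt_mm_f  /mnt/crypta.mm.x   xfs   noauto,user,noatime,nodiratime  1 4
/dev/mapper/example_a     /mnt/example_a     xfs   noauto,exec,user,noatime        1 4
/dev/mapper/example_b     /mnt/example_b     xfs   noauto,user,exec,noatime        1 4
"""

if __name__ == "__main__":
    for mountpoint, flags in audit_fstab(SAMPLE_FSTAB).items():
        print(mountpoint, ",".join(flags) or "(none)")
```

Placing exec after user keeps nosuid and nodev in force while lifting only noexec.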