Bug 15435

Summary: Attempts to execute programs from a noexec filesystem should be logged
Product: Base System
Reporter: borjam <borjam>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: 3.3-RELEASE
Hardware: Any
OS: Any
Attachments:
  file.diff    Flags: none

Description borjam 1999-12-12 10:30:01 UTC
The option to mount a filesystem as "noexec" is a very useful security
option. However, for it to be really useful, attempts to execute
programs from filesystems mounted as "noexec" should be logged. It
could help to detect the use of exploits for security bugs.
The included diff (to kern_exec.c in 3.3-RELEASE) logs the attempts
as kern.notice messages.
Perhaps this should be controlled from a sysctl variable?
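The attached file.diff is not reproduced on this page. As an added example, not the reporter's patch, the following userland execv(2) wrapper mirrors what the proposed kern_exec.c change does inside the kernel: when exec is refused with EACCES, it asks the filesystem whether the target lives on a noexec mount and, if so, logs the attempt through syslog(3). The kernel can emit kern.notice; a user process cannot use the kern facility, so this logs at notice under the facility passed to openlog(3). The message wording, the `log_noexec_attempts` switch (a stand-in for the sysctl the report floats) and the Linux `ST_NOEXEC` / FreeBSD `MNT_NOEXEC` probing are the example's own choices, not anything the report specifies.

```c
/*
 * Added example (not the file.diff from bug 15435): a userland execv(2)
 * wrapper that logs refused execs from noexec mounts, the way the proposed
 * kern_exec.c change would do in the kernel. Message format and the on/off
 * switch are assumptions made for this example.
 */
#define _GNU_SOURCE 1           /* glibc hides ST_NOEXEC without this */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/param.h>
#include <sys/mount.h>          /* statfs(2), MNT_NOEXEC */
#else
#include <sys/statvfs.h>        /* statvfs(2), ST_NOEXEC */
#ifndef ST_NOEXEC
#define ST_NOEXEC 8             /* Linux value (same bit as MS_NOEXEC) */
#endif
#endif

/* Hypothetical stand-in for the sysctl knob the report suggests. */
static int log_noexec_attempts = 1;

/* 1 if path is on a filesystem mounted noexec, 0 if not, -1 on error. */
int fs_is_noexec(const char *path)
{
#ifdef __FreeBSD__
    struct statfs sf;
    if (statfs(path, &sf) != 0)
        return -1;
    return (sf.f_flags & MNT_NOEXEC) ? 1 : 0;
#else
    struct statvfs sv;
    if (statvfs(path, &sv) != 0)
        return -1;
    return (sv.f_flag & ST_NOEXEC) ? 1 : 0;
#endif
}

/* Build the log line; kept separate so it can be checked without a noexec mount. */
int format_noexec_msg(char *buf, size_t len, const char *path, long pid, long uid)
{
    return snprintf(buf, len,
                    "exec of %s refused: filesystem mounted noexec (pid %ld uid %ld)",
                    path, pid, uid);
}

/* execv(2) that logs a refused exec from a noexec mount.
 * Like execv, it only returns on failure: -1 with errno preserved. */
int exec_logged(const char *path, char *const argv[])
{
    execv(path, argv);
    int saved = errno;
    /* Kernel refuses exec on a noexec mount with EACCES (not ENOEXEC). */
    if (saved == EACCES && log_noexec_attempts && fs_is_noexec(path) == 1) {
        char msg[512];
        format_noexec_msg(msg, sizeof msg, path, (long)getpid(), (long)getuid());
        syslog(LOG_NOTICE, "%s", msg);   /* user-level analogue of kern.notice */
        fprintf(stderr, "%s\n", msg);
    }
    errno = saved;
    return -1;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s program [args...]\n", argv[0]);
        return 2;
    }
    openlog("exec-logged", LOG_PID, LOG_USER);
    exec_logged(argv[1], &argv[1]);
    perror(argv[1]);
    return 126;
}
```

To see it fire, mount a tmpfs with `-o noexec`, copy a binary onto it and run the wrapper against that path; a plain `Permission denied` from the shell becomes a syslog notice naming the path, pid and uid. The committer's objection in Comment 1 applies here too: a wrapper like this only sees execs routed through it, which is exactly why a kernel-wide mechanism with filtering is the more general answer.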
Comment 1 iedowse (freebsd_committer, freebsd_triage) 2001-11-16 23:09:05 UTC
State Changed
From-To: open->closed

While such logging might be useful in certain environments, it is 
not something that would be committed in this form. There are 
numerous other permission checks in virtually all system calls that 
might potentially be useful for security monitoring but we can't 
send syslog messages for every one. Maybe a better solution would 
be to use some kernel-wide syscall logging with filtering as 
necessary.