Is it safe to add noexec mount option while mounting devtmpfs on /dev? I am asking this because in my ubuntu machine the default option is rw,nosuid,realtime (found using cat /proc/mounts | grep /dev). Is there any reason for not adding noexec by default?
Asked
Active
Viewed 919 times
4
1 Answers
5
No.
There are still programs such as /sbin/v86d around, even now, that memory-map /dev/zero with PROT_EXEC, for no good reason.
Further reading
- Mikulas Patocka (2019-09-13).
udevmounts/devwith thenoexecflag. Debian bug #940171. - Michal Januszewski (2008-09-21).
v86dsegfaults with-x86emu, but works if this flag is enabled. Gentoo bug #226107.
JdeBP
- 68,745
-
this is what I am looking for, tnx for your valuable response – Karthik Nedunchezhiyan Apr 23 '20 at 11:23