ENFORCE EXECUTE PERMISSIONS, MNT_NOEXEC
>problem 3: I noticed that anyone could run shutdown. the permissions were
>
>-rwsr-x--- owner root group operator. I changed the permissions to
>-r-x------ and anyone can still run it. (you get the shutdown: NOT super-user)
This is a big security hole. In 0.0, a VOP_ACCESS was used, but root always
succeeds (and tries to execute anything). But the check for a single execute
bit is wrong too. I put the VOP_ACCESS back but also checked to make sure
at least one execute bit is on before root can execute the file. I also
checked if the filesystem was mounted for execution:
AUTHOR: Mark Tinguely (tinguely@plains.nodak.edu)
386BSD-Patchkit: patch00024