Impact of removing noexec for /var in /etc/fstab

Article ID: 195547

Products

CA API Gateway, API SECURITY, CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7), CA API Gateway Enterprise Service Manager (Layer 7), STARTER PACK-7, CA Microgateway

Issue/Introduction

What are the implications of removing the noexec option from the /var filesystem entry in /etc/fstab?

Before:
/dev/mapper/vg00-lv_var /var                    ext3    rw,nosuid,nodev,noexec,auto,nouser,async,relatime,acl 1 2
After:
/dev/mapper/vg00-lv_var /var                    ext3    rw,nosuid,nodev,auto,nouser,async,relatime,acl 1 2


Environment

Release : 10

Component : API Gateway Appliances

Cause

During an installation of third-party software, it was found that the noexec mount option does not allow executable binaries to run from the mounted file system.

Resolution

The noexec option was added as a security measure for the Gateway appliances. This and other security measures result from the hardened CentOS provided with the appliances.

There is no functional impact from allowing the exec permission on the /var mount (filesystem), but doing so compromises the security of the appliance.
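
To confirm whether the hardening options are still present on /var after a change like the one above, the following check reads fstab-format input and reports which required options are missing for a mount point. It is an added example, not part of the original article or the product; the function name `missing_mount_opts` is hypothetical, and the two sample entries are the Before and After lines shown in this article.

```shell
#!/bin/sh
# Added example: audit the mount options of one mount point.
# Sample entries are the Before/After lines from this article.
BEFORE='/dev/mapper/vg00-lv_var /var ext3 rw,nosuid,nodev,noexec,auto,nouser,async,relatime,acl 1 2'
AFTER='/dev/mapper/vg00-lv_var /var ext3 rw,nosuid,nodev,auto,nouser,async,relatime,acl 1 2'

# missing_mount_opts MOUNTPOINT OPT...   (hypothetical helper name)
# Reads fstab-format lines on stdin (device, mount point, type, options, ...).
# Prints the required options absent from MOUNTPOINT's entry, space separated.
# Exit status: 0 if the mount point was found, 2 if it has no entry.
missing_mount_opts() {
    mp=$1; shift
    awk -v mp="$mp" -v want="$*" '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments and malformed lines
        $2 == mp {
            found = 1
            n = split($4, have, ",")          # options actually configured
            for (i = 1; i <= n; i++) present[have[i]] = 1
            m = split(want, req, " ")         # options the policy requires
            out = ""
            for (i = 1; i <= m; i++)
                if (!(req[i] in present)) out = out (out ? " " : "") req[i]
            print out
            exit
        }
        END { if (!found) exit 2 }
    '
}

# Demonstration on the two entries from the article.
for entry in "$BEFORE" "$AFTER"; do
    missing=$(printf '%s\n' "$entry" | missing_mount_opts /var noexec nosuid nodev)
    echo "/var missing options: ${missing:-none}"
done
```

On a live system the same function can be fed `/etc/fstab` for the configured state or `/proc/mounts`, which uses the same field layout, for the options actually in effect after a remount or reboot.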