Bug in Linux Mount

[jajcus () ZEUS POLSL GLIWICE PL (Jacek Konieczny)]

Hi,

While mounting a CD-ROM from some magazine I have found a bug in linux
kernel or mount program.

My /etc/fstab contains:
/dev/cdrom /mnt/cdrom iso9660 user,noauto,ro,noexec,check=relaxed  0 0

/dev/cdrom is:
brw-r--r--   1 root     root      22,   0 cze  1  1998 /dev/cdrom

/mnt/cdrom is:
drwxr-xr-x   2 root     root         1024 gru 29  1997 /mnt/cdrom

When mounting cdrom as normal user:
[jacek@koniu jacek]$mount -v /mnt/cdrom
/dev/cdrom on /mnt/cdrom type iso9660 (ro,noexec,nosuid,nodev,check=relaxed)

But:
[jacek@koniu jacek]$ls -l /mnt/cdrom/index.htm
-r-xr-xr-x   1 root     root          869 lis 15  1997 /mnt/cdrom/index.htm

As you can see the file (and all other files on the CD) have all execute
bit set, although filesystem is mounted by user and with "noexec".

I am not sure what type of filesystem it is, probably some kind of
Joliet, but this means that one can prepare a CDROM so it can start
programs from it even on system he isn't supposed to do so.

[jacek@koniu jacek]$uname -r
2.2.5
[jacek@koniu jacek]$rpm -q mount
mount-2.7l-3

Greets,
    Jacek
--
+---------+--------------------------------------------------------+
!      ,  !            Jacek Konieczny, Gliwice, Poland            !
! Jajcus  !   email: jajcus () zeus polsl gliwice pl, jacek () kde org   !
!         ! ICQ# 7149127                           WWW: none (yet) !
+---------+--------------------------------------powered-by-Linux--+