Re: SECURITY HOLE!!! (with nosuid, found on ext fs, 0.97 kernel)


In article <MeV8_XO00WBKQ34Uo8@andrew.cmu.edu> fl0p+@andrew.cmu.edu (Frank T Lofaro) writes:

I don't know what POSIX has to say about it, but Linux's nosuid acts like
IRIX's (IRIX claims to comply with POSIX and I've found its behaviour very
reasonable):

If your euid == 0 (you're root): perform the suid/sgid operation.
(Reason: you can't gain power by this, but you might want to alter your
uid/gid, e.g. if your /bin/passwd is sgid shadow, you don't want to run
it with egid != shadow.)

If your euid != 0 and you already have the privileges you'd get by the
suid/sgid bits (that is: you're already that user or you're already in
that group), the exec is performed.

If your euid != 0 and you'd gain anything from the suid/sgid bits, exec
is refused with the error EPERM. If you really insist on running that
program, you can make a copy of it and run that, if it's readable. It's
better to get the error before running the program than to have it fail
in mysterious ways.

- Werner
-- 
   _________________________________________________________________________
  / Werner Almesberger, ETH Zuerich, CH      almesber@nessie.cs.id.ethz.ch /
 / IFW A44  Tel. +41 1 254 7213                 almesberger@rzvax.ethz.ch /
/_BITNET:_ALMESBER@CZHETH5A__HEPNET/CHADNET:_[20579::]57414::ALMESBERGER_/
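
The three rules in the message above, modelled as a decision function. This is an added example, not part of the original post and not Linux kernel code; the function name, return codes and sample ids are hypothetical, and it assumes "already in that group" covers supplementary groups as well as the egid.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

enum { EXEC_PLAIN = 0, EXEC_APPLY_BITS = 1 };  /* hypothetical return codes */

/* Constructed sample data: supplementary groups of an unprivileged caller. */
static const gid_t sample_groups[] = { 10, 42 };

static int in_group(gid_t egid, const gid_t *groups, size_t n, gid_t gid)
{
    if (egid == gid)
        return 1;
    for (size_t i = 0; i < n; i++)
        if (groups[i] == gid)
            return 1;
    return 0;
}

/* Model of exec on a nosuid mount: -EPERM, EXEC_PLAIN or EXEC_APPLY_BITS. */
int nosuid_exec_check(uid_t euid, gid_t egid, const gid_t *groups, size_t n,
                      mode_t mode, uid_t file_uid, gid_t file_gid)
{
    int suid = (mode & S_ISUID) != 0, sgid = (mode & S_ISGID) != 0;

    if (!suid && !sgid)
        return EXEC_PLAIN;              /* nothing for nosuid to decide */
    if (euid == 0)
        return EXEC_APPLY_BITS;         /* rule 1: root gains no power */
    if (suid && euid != file_uid)
        return -EPERM;                  /* rule 3: would gain a uid */
    if (sgid && !in_group(egid, groups, n, file_gid))
        return -EPERM;                  /* rule 3: would gain a group */
    /* Rule 2: caller already holds these ids, so the exec goes ahead. The
     * message does not say whether egid is switched; assumed unchanged. */
    return EXEC_PLAIN;
}

int main(void)
{
    /* Constructed cases: root, group member, outsider, on an sgid-42 file. */
    printf("%d %d %d\n",
           nosuid_exec_check(0, 0, NULL, 0, S_ISGID | 0755, 0, 42),
           nosuid_exec_check(1000, 100, sample_groups, 2, S_ISGID | 0755, 0, 42),
           nosuid_exec_check(1000, 100, NULL, 0, S_ISGID | 0755, 0, 42));
    return 0;
}
```
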

Messages in current thread:
Re: SECURITY HOLE!!! (with nosuid, found on ext fs, 0.97 ker..., Werner Almesberger, (Sun Aug 9, 11:19 am)