Is automatically mounting drives with the exec flag a security vulnerability?

Question

I'm trying to understand what the noexec flag actually accomplishes. Does it prevent all executions originating from that file system? Or is it only ones that aren't in the bin folder?

In addition, let's say I manage to set exec as the default flag for all drives. Is there actually a risk that I could plug in a USB and it would automatically execute malicious code? Is this what noexec exists for, or is it only there to prevent users from doing stupid things with random executables?

This is different from the suggested duplicate as the duplicate does not explain whether there are security vulnerabilities associated with this practice.

Answer 1

If you check the fstab page:

exec / noexec:

exec lets you execute binaries that are on that partition, whereas noexec does not let you do that. noexec might be useful for a partition that contains no binaries, like /var, or contains binaries you do not want to execute on your system, or that cannot even be executed on your system, as might be the case of a Windows partition.

It prevents executions if you´re not an authorized user. If you put exec by default a USb will be able to run something (from the mounted media) but only with it´s current user rights.