On Wed, 31 May 2000, Chris Evans wrote:
> Hi,
>
> I notice that in 2.3.99pre9 and newer, the system call mount(2) will under
> some circumstances allow unprivileged users to mount things.
Yes, it does.
> Can anyone elaborate on what precisely we allow and why? Despite being
> named "do_loopback", it looks like a simple aliasing mechanism.
Yes, it is, and yes, it happened to be simple after some work ;-)
> At the very least, mount_is_safe() would seem to be missing a check for
> write permission on the parent directory of the mount-point.
Hmm... What's the problem with situation when you have write permissions
on mountpoint but not on its parent? MAY_WRITE on mountpoint is checked,
unless I've really fscked up. Comments on security implications are more
than welcome - the variant I've done was, basically, "can we reach the
thing to be mounted anyway and can we already do whatever we want with the
contents of the mountpoint?"
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:11 EST