Re: [RFC] [PATCH] allowing user mounts

From: Miklos Szeredi
Date: Wed Feb 18 2004 - 03:33:38 EST



Rik van Riel wrote:
> On Tue, 17 Feb 2004, Miklos Szeredi wrote:
>
> > This patch (against 2.6.3-rc4) allows the use of the mount syscall by
> > non-root users in a controlled, and secure (I hope) way. I'd very
> > much appreciate any comments,
>
> Just as a curiosity, why not do this in userspace ?

There's a simple enough reason: it can't be done securely.

The reason is that the path lookup for the mountpoint is performed by
the mount syscall, so the permissions of the looked up inode can only
be checked in the mount syscall.

> You'll notice that /bin/mount already is a suid application,
> so you could just add your functionality there, or write your
> own suid mount application.

Yeah, it's been done (fusermount in FUSE), but it cannot be made truly
secure.

> As an added bonus, you'd be able to have a more flexible
> configuration framework than what would ever be accepted
> into the kernel, without needing to go through the effort
> of getting anything merged into the kernel.

But you don't need a configuration framework for simple filesystem
operations like mkdir, etc. IMHO mount should be one of those simple
operations, since it's a very powerful addition to the other
filesystem tools.

My feeling is that it really can be done simply without a lot of
framework in kernel. I know Al Viro had some ideas about this (see
the #ifdef in mount_is_safe() in fs/namespace.c), but he seems to be
onto other things now, and doesn't care about the VFS any more ;-(.

Thanks for your comments,
Miklos
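
The check-then-lookup gap described in the message above, as an added example that is not part of the original post: a second stat() stands in for the mount syscall's own path lookup (no mount is performed). The function name and the temporary paths are constructed for the illustration.

```c
/* Added illustration: a permission check made on a path in userspace does
 * not bind the later lookup of the same path string by the kernel.
 * All names and paths here are constructed for the example. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if the inode that was checked differs from the inode a later
 * lookup of the same path reaches, 0 if they match, -1 on setup error. */
int lookup_diverges(void)
{
    char base[] = "/tmp/mntcheck-XXXXXX";
    char mine[64], other[64], mnt[64];
    struct stat checked, used;
    int result = -1;

    if (!mkdtemp(base))
        return -1;
    snprintf(mine, sizeof mine, "%s/mine", base);
    snprintf(other, sizeof other, "%s/other", base);
    snprintf(mnt, sizeof mnt, "%s/mnt", base);
    if (mkdir(mine, 0700) || mkdir(other, 0700) || symlink(mine, mnt))
        goto out;

    /* Step 1: the helper resolves the path and checks the inode it finds. */
    if (stat(mnt, &checked))
        goto out;

    /* Step 2: between check and use, the path is re-pointed elsewhere. */
    if (unlink(mnt) || symlink(other, mnt))
        goto out;

    /* Step 3: the syscall performs its own lookup of the same string. */
    if (stat(mnt, &used))
        goto out;

    result = (checked.st_ino != used.st_ino || checked.st_dev != used.st_dev);
out:
    unlink(mnt); rmdir(mine); rmdir(other); rmdir(base);
    return result;
}

int main(void)
{
    printf("checked inode != looked-up inode: %d\n", lookup_diverges());
    return 0;
}
```

The check is only meaningful when it is applied to the inode that the final lookup produces, which is why the message places it inside the mount syscall.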