Re: [patch 0/8] unprivileged mount syscall

From: Jan Engelhardt
Date: Fri Apr 06 2007 - 20:02:40 EST

Next message: Andrew Morton: "Re: [PATCH] [sched] redundant reschedule when set_user_nice()boosts a prio of a task from the "expired" array"
Previous message: Jeremy Fitzhardinge: "[patch 2/4] clean up identify_cpu"
In reply to: H. Peter Anvin: "Re: [patch 0/8] unprivileged mount syscall"
Next in thread: H. Peter Anvin: "Re: [patch 0/8] unprivileged mount syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Apr 6 2007 16:16, H. Peter Anvin wrote:
>> >
>> > - users can use bind mounts without having to pre-configure them in
>> > /etc/fstab
>> >
>
> This is by far the biggest concern I see. I think the security implication of
> allowing anyone to do bind mounts are poorly understood.

$ whoami
miklos
$ mount --bind / ~/down_under

later that day:
# userdel -r miklos

So both the source (/) and target (~/down_under) directory must be owned
by the user before --bind may succeed.

There may be other implications hpa might want to fill us in.

Regards,
Jan
--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH] [sched] redundant reschedule when set_user_nice()boosts a prio of a task from the "expired" array"
Previous message: Jeremy Fitzhardinge: "[patch 2/4] clean up identify_cpu"
In reply to: H. Peter Anvin: "Re: [patch 0/8] unprivileged mount syscall"
Next in thread: H. Peter Anvin: "Re: [patch 0/8] unprivileged mount syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]