Re: fmount system call

Pavel Machek (pavel@atrey.karlin.mff.cuni.cz)
Thu, 24 Jul 1997 18:53:10 +0200


> Date: Wed, 23 Jul 1997 18:18:18 +0200
> From: "Volker.Lendecke" <lendecke@math.uni-goettingen.de>
>
> during the smbfs-rewrite I remembered the security problem in smbmount
> and ncpmount. Both programs are designed to let the user mount remote
> file systems of his own. This is necessary because the remote file
> systems are per-user password protected. To do this, they check
> whether the user has write permissions on the mount point and then
> mount the file. Playing with links between the check and the real
> mount creates quite well-known races.
>
> As far as I can see this problem can be removed by a system call that
> accepts a file descriptor as a mount point.
>
> An alternate solution would be to allow users to run the mount system
> call as unprivileged users, but have the kernel enforce some basic
> security policy (users must own the mount point, nosuid, nodev,
> etc. would be turned on, etc.) I think BSD does this, and it's not
> necessarily a bad idea....

I do not agree. You can easily crash the kernel by mounting a damaged
image. Secure sites will not want this, so it should not be done in the
kernel.

-- 
--
This is my little buggy signature...				Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+