Re: [PATCH] private mounts
From: Ram
Date: Wed Apr 27 2005 - 12:46:44 EST
On Wed, 2005-04-27 at 10:33, Miklos Szeredi wrote:
> > It is certainly an information leak not otherwise available. And with
> > the ability to change the layout underneath, you might trigger bugs in
> > root programs: Are they really capable of seeing the same filename
> > twice, or can you throw them into a deep recursion by simulating
> > infinitely deep directories/circular hardlinks...?
>
> Circular or otherwise hardlinked directories are not allowed since it
> would not only confuse applications but the VFS as well.
>
> Hmm, looking at the code it seems that for some reason I removed this
> check from the 2.6 version of FUSE. Stupid me!
>
> Thanks for the reminder :)
>
> > Certainly a useful tool for hardening applications, but I can see the
> > point of not wanting to let unwary applications run into a namespace
> > controlled by a user. Of course, this is sort-of similar to "find
> > -xdev", but I'm not sure whether it is not indeed new behaviour.
>
> A trivial DoS against any process entering the userspace filesystem is
> just not to answer the filesystem request.
>
> So it's not just information leak, but also a fine way to _control_
> certain behavior of applications.
>
I think you need to disallow overmounts on invisible mounts by any user
other than the owner. If not, some other user (including root) can
overmount on your mount and the user will end up with DoS.
RP
> Thanks,
> Miklos
> -
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/