| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 07 Apr 2007 08:48:20 +0200 From: Miklos Szeredi <miklos@...redi.hu> To: ericvh@...il.com CC: hpa@...or.com, jengelh@...ux01.gwdg.de, akpm@...ux-foundation.org, linux-fsdevel@...r.kernel.org, util-linux-ng@...r.kernel.org, containers@...ts.osdl.org, linux-kernel@...r.kernel.org Subject: Re: [patch 0/8] unprivileged mount syscall > On 4/6/07, H. Peter Anvin <hpa@...or.com> wrote: > > Jan Engelhardt wrote: > > > On Apr 6 2007 16:16, H. Peter Anvin wrote: > > >>>> - users can use bind mounts without having to pre-configure them in > > >>>> /etc/fstab > > >>>> > > >> This is by far the biggest concern I see. I think the security implication of > > >> allowing anyone to do bind mounts are poorly understood. > > > > > > $ whoami > > > miklos > > > $ mount --bind / ~/down_under > > > > > > later that day: > > > # userdel -r miklos > > > > > > > Consider backups, for example. > > > > This is the reason why enforcing private namespaces for user mounts > makes sense. I think it catches many of these corner cases. Yes, disabling user bind mounts in the global namespace makes sense. Enabling user fuse mounts in the global namespace still works though, even if a little cludgy. All these nasty corner cases have been thought through and validated by a lot of users. Thanks, Miklos - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists