Date:	Tue, 18 Dec 2007 22:54:48 -0500
From:	Mark Lord <lkml@....ca>
To:	Al Viro <viro@....linux.org.uk>
Cc:	Alexander Viro <viro@...iv.linux.org.uk>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: RFC: permit link(2)  to work across --bind mounts ?

Al Viro wrote:
> On Tue, Dec 18, 2007 at 11:00:16PM +0000, Al Viro wrote:
>> On Tue, Dec 18, 2007 at 05:46:21PM -0500, Mark Lord wrote:
>>> Why does link(2) not support hard-linking across bind mount points
>>> of the same underlying filesystem ?
>> Because it gives you a security boundary around a subtree.
> 
> PS: that had been discussed quite a few times, but to avoid searches:
> consider e.g. mount --bind /tmp /tmp; now you've got a situation when
> users can't create links to elsewhere on root fs, even though they
> have /tmp writable to them.  Similar techniques work for other isolation
> needs - basically, you can confine rename/link to given subtree.  IOW,
> it's a deliberate feature.  Note that you can bind a bunch of trees
> into chroot and get predictable restrictions regardless of how the
> stuff might get rearranged a year later in the main tree, etc.
..

Thanks, Al.  That makes sense for a multi-user system, so I'm happy.

But.. pity there's no mount flag override for smaller systems,
where bind mounts might be more useful with link(2) actually working.

The patch is simple enough when needed, though.

Cheers

--- old/fs/namei.c	2007-12-15 12:33:13.000000000 -0500
+++ linux/fs/namei.c	2007-12-18 22:41:19.000000000 -0500
@@ -2398,7 +2398,7 @@
 	if (error)
 		goto out;
 	error = -EXDEV;
-	if (old_nd.mnt != nd.mnt)
+	if (old_nd.mnt->mnt_sb != nd.mnt->mnt_sb)
 		goto out_release;
 	new_dentry = lookup_create(&nd, 0);
 	error = PTR_ERR(new_dentry);
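Review bot: Comparing `mnt_sb` instead of the vfsmount at `if (old_nd.mnt->mnt_sb != nd.mnt->mnt_sb)` drops, for every bind mount on the system, exactly the subtree confinement the quoted reply describes as a deliberate feature, so as posted this is a global policy change rather than the per-mount override the mail itself asks for; if it is kept at all it should be gated on a flag carried by the mount (checked on both `old_nd.mnt` and `nd.mnt`) and default to the current `old_nd.mnt != nd.mnt` behaviour. The quoted reply says rename is confined to a subtree the same way, so the corresponding mount comparison in the rename path needs the same treatment or link(2) and rename(2) will disagree about what counts as cross-device. The hunk also carries no description or Signed-off-by, which is fine for an RFC on the list but not for anything meant to be applied.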
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
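As an added illustration, not code from the thread or from the kernel: a small userspace probe that shows the boundary Al describes. It reports whether two paths share a device number (so are on the same underlying filesystem) and then tries link(2); on a stock kernel, after something like `mount --bind /tmp /tmp` on a box whose /tmp lives on the root filesystem, `./linkprobe /tmp/a /b` prints "same st_dev: yes" followed by "link(2) failed: Invalid cross-device link", which is the EXDEV from the `old_nd.mnt != nd.mnt` check above. The helper names and the output wording are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example (not from the thread): does link(2) cross a mount
 * boundary?  Two bind mounts of one filesystem report the same st_dev,
 * yet the VFS compares vfsmounts, so link(2) fails with EXDEV. */

/* 1 if both paths share a device number (same underlying filesystem),
 * 0 if not, -1 if either stat() fails. */
int same_underlying_fs(const char *a, const char *b)
{
    struct stat sa, sb;
    if (stat(a, &sa) != 0 || stat(b, &sb) != 0)
        return -1;
    return sa.st_dev == sb.st_dev ? 1 : 0;
}

/* 0 on success, otherwise the errno link(2) set (EXDEV, EEXIST, ...). */
int try_link(const char *oldpath, const char *newpath)
{
    if (link(oldpath, newpath) == 0)
        return 0;
    return errno;
}

/* Hard-link count of a path, or -1 if it cannot be stat()ed. */
long link_count(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (long)st.st_nlink;
}

/* Create an empty file exclusively; 0 on success, errno otherwise. */
int create_empty_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Parent directory of a path, written into out (no libgen dependency). */
void parent_dir(const char *path, char *out, size_t n)
{
    const char *slash = strrchr(path, '/');
    size_t len;
    if (slash == NULL) {
        snprintf(out, n, ".");
        return;
    }
    len = (size_t)(slash - path);
    if (len == 0)
        len = 1;            /* the parent is "/" itself */
    if (len >= n)
        len = n - 1;
    memcpy(out, path, len);
    out[len] = '\0';
}

int main(int argc, char **argv)
{
    char parent[4096];
    int same, rc;

    if (argc != 3) {
        fprintf(stderr, "usage: %s <existing-file> <new-link-path>\n", argv[0]);
        return 2;
    }
    /* The new name does not exist yet, so compare against its directory. */
    parent_dir(argv[2], parent, sizeof parent);
    same = same_underlying_fs(argv[1], parent);
    printf("same st_dev: %s\n",
           same == 1 ? "yes" : same == 0 ? "no" : "unknown");
    rc = try_link(argv[1], argv[2]);
    if (rc == 0) {
        printf("link(2) succeeded; link count is now %ld\n",
               link_count(argv[1]));
        return 0;
    }
    printf("link(2) failed: %s%s\n", strerror(rc),
           (rc == EXDEV && same == 1)
               ? " (same filesystem, different vfsmount: the bind-mount boundary)"
               : "");
    return 1;
}
```

The st_dev comparison is what a naive "same filesystem, so linking must be allowed" argument relies on; the probe makes the gap between that and the VFS's per-mount check visible, which is also the check a chroot or container setup built from bind mounts depends on.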
