lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200411232022.iANKMXA313575@milan.maths.usyd.edu.au> Date: Wed, 24 Nov 2004 07:22:33 +1100 (EST) From: psz@...hs.usyd.edu.au (Paul Szabo) To: Martin.Buchholz@....COM Cc: srevilak@...akeasy.net, bugtraq@...ession.spiral-arm.org, parimiv@...haw.com, levon@...ementarian.org, bugtraq@...urityfocus.com, bug-findutils@....org Subject: Re: Changes to the filesystem while find is running - comments? Martin Buchholz <Martin.Buchholz@....COM> wrote: >> I think find should never cause an automount to "trigger" and cause it to >> be mounted. It is OK to traverse if it was mounted to start with; is surely >> not OK to traverse if it wasn't already mounted. ... >> [Right now cannot think of examples where find causing automounts to >> trigger would be an obvious security or performance issue.] > > I strongly disagree with this principle. Automount points (at least on > Solaris) are supposed to be transparent to the user; just an > implementation optimization over having them permanently mounted. Can some BugTraq-er help me here please: give an example where triggering an automount has security implications? [Can a security compromise of the mountee compromise the security of the automount machine? Does it make a difference if the automount is triggered by a "plain" user access or a rootly one, or are there ever mountpoints that only root has access to?] What do you mean by automounts being an optimization? I would have thought that permanent mounts are less resource-demanding than active mounting and expiring; I thought that automounts were a convenience when the mountee may not be permanently available. Would find triggering automounts impact performance? Would it cause delays or blocks if the mountee was not online? Cheers, Paul Szabo - psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/ School of Mathematics and Statistics University of Sydney 2006 Australia
Powered by blists - more mailing lists