| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 22 Apr 2007 09:19:45 +0200 From: Miklos Szeredi <miklos@...redi.hu> To: ebiederm@...ssion.com CC: miklos@...redi.hu, akpm@...ux-foundation.org, serue@...ibm.com, viro@....linux.org.uk, linuxram@...ibm.com, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, containers@...ts.osdl.org Subject: Re: [patch 5/8] allow unprivileged bind mounts > > From: Miklos Szeredi <mszeredi@...e.cz> > > > > Allow bind mounts to unprivileged users if the following conditions > > are met: > > > > - mountpoint is not a symlink or special file > > Why? This sounds like a left over from when we were checking permissions. Hmm, yes. Don't know. Maybe only the symlink check. Bind mounts of directory over non-directy, and vica versa are already excluded, even for root. > > - parent mount is owned by the user > > - the number of user mounts is below the maximum > > > > Unprivileged mounts imply MS_SETUSER, and will also have the "nosuid" > > and "nodev" mount flags set. > > So in principle I agree, but in detail I disagree. > > capable(CAP_SETUID) should be required to leave MNT_NOSUID clear. > capable(CAP_MKNOD) should be required to leave MNT_NODEV clear. > > I.e. We should not special case this as a user mount but rather > simply check to see if the user performing the mount has the appropriate > capabilities to allow the flags. Sounds sane. Will fix. Miklos - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists