| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 26 Apr 2007 22:10:31 -0600 From: ebiederm@...ssion.com (Eric W. Biederman) To: Miklos Szeredi <miklos@...redi.hu> Cc: jengelh@...ux01.gwdg.de, akpm@...ux-foundation.org, serue@...ibm.com, viro@....linux.org.uk, linuxram@...ibm.com, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, containers@...ts.osdl.org, hpa@...or.com Subject: Re: [patch] unprivileged mounts update Miklos Szeredi <miklos@...redi.hu> writes: >> On Apr 25 2007 11:21, Eric W. Biederman wrote: >> >> >> >> Why did we want to use fsuid, exactly? >> > >> >- Because ruid is completely the wrong thing we want mounts owned >> > by whomever's permissions we are using to perform the mount. >> >> Think nfs. I access some nfs file as an unprivileged user. knfsd, by >> nature, would run as euid=0, uid=0, but it needs fsuid=jengelh for >> most permission logic to work as expected. > > I don't think knfsd will ever want to call mount(2). > > But yeah, I've been convinced, that using fsuid is the right thing to > do. Actually knfsd does call mount when it crosses a mount point on the nfs server it generates an equivalent mount point in linux. At least I think that is the what it is doing. It is very similar to our mount propagation path. However as a special case I don't think the permission checking is likely to bite us there. It is worth double checking once we have the other details ironed out. Eric - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists