| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Sep 2007 13:38:13 +0100 From: Christoph Hellwig <hch@...radead.org> To: Miklos Szeredi <miklos@...redi.hu> Cc: hch@...radead.org, trond.myklebust@....uio.no, adilger@...sterfs.com, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [patch 2/2] VFS: allow filesystem to override mknod capability checks On Mon, Sep 24, 2007 at 02:25:54PM +0200, Miklos Szeredi wrote: > From: Miklos Szeredi <mszeredi@...e.cz> > > Add a new super block flag, that results in the VFS not checking if > the current process has enough privileges to do an mknod(). > > If this flag is set, all mounts for this super block will have the > "nodev" flag implied. > > This is needed on filesystems, where an unprivileged user may be able > to create a device node, without causing security problems. > > One such example is "mountlo" a loopback mount utility implemented > with fuse and UML, which runs as an unprivileged userspace process. > In this case the user does in fact have the right to create device > nodes within the filesystem image, as long as the user has write > access to the image. Since the filesystem is mounted with "nodev", > adding device nodes is not a security concern. This one looks okay, but I'd prefer to not put it in until we actually have proper non-privilegued mounts. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists