| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Jan 2008 08:17:10 -0500
From: Mike Frysinger <vapier@...too.org>
To: Miklos Szeredi <miklos@...redi.hu>
Cc: util-linux-ng@...r.kernel.org, akpm@...ux-foundation.org,
hch@...radead.org, serue@...ibm.com, viro@....linux.org.uk,
kzak@...hat.com, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, containers@...ts.osdl.org
Subject: Re: [patch] util-linux-ng: unprivileged mounts support
On Wednesday 16 January 2008, Miklos Szeredi wrote:
> This is an experimental patch for supporing unprivileged mounts and
> umounts. The following features are added:
same feedback as last time ... the cap stuff needs to be made optional and
proper header checks added to configure ...
> 1) If mount/umount are suid, first try without privileges.
>
> This is done by forking, dropping privileges in child, and redirecting
> stderr to /dev/null. If this succeeds, then parent exits with zero
> exit code. Otherwise parent continues normally (with privileges).
> This isn't perfect, because the wrong error message will be printed if
> mount/umount failed not because of insufficient privileges, but some
> other error (e.g. mountpoint busy).
this normalization of error information does kind of suck ... but i think the
way it's written, the end user will still get the real answer the second time
around when the mount is attempted with root privs and not stderr sent
to /dev/null ?
-mike
Download attachment "signature.asc " of type "application/pgp-signature" (828 bytes)
Powered by blists - more mailing lists