| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1prokgyje.fsf@frodo.ebiederm.org> Date: Thu, 07 Aug 2008 17:07:01 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: "Serge E. Hallyn" <serue@...ibm.com> Cc: Miklos Szeredi <miklos@...redi.hu>, akpm@...ux-foundation.org, hch@...radead.org, viro@...IV.linux.org.uk, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, "Eric W. Biederman" <ebiederm@...ssion.com> Subject: Re: unprivileged mounts git tree "Serge E. Hallyn" <serue@...ibm.com> writes: > Quoting Miklos Szeredi (miklos@...redi.hu): >> Here's a git tree of the unprivileged mounts patchset: >> >> git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git > unprivileged-mounts >> >> Could this be added to -mm (and dropped if it's in the way of >> something) for some testing and added visibility until it's reviewed >> by Christoph/Al? >> >> I'm not reposting the whole patchset, since it's essentially the same >> as the last submission, only updated to the latest git. But if >> somebody wants it I can post them. >> >> Thanks, >> Miklos >> >> >> Documentation/filesystems/fuse.txt | 88 ++++++++- >> Documentation/filesystems/proc.txt | 40 ++++ >> fs/filesystems.c | 60 ++++++ >> fs/fuse/inode.c | 21 ++ >> fs/internal.h | 3 +- >> fs/namespace.c | 366 +++++++++++++++++++++++++++--------- >> fs/pnode.c | 22 ++- >> fs/pnode.h | 2 + >> fs/super.c | 26 --- >> include/linux/fs.h | 7 + >> include/linux/mount.h | 4 + >> kernel/sysctl.c | 16 ++ >> 12 files changed, 527 insertions(+), 128 deletions(-) >> >> Miklos Szeredi (10): >> unprivileged mounts: add user mounts to the kernel >> unprivileged mounts: allow unprivileged umount >> unprivileged mounts: propagate error values from clone_mnt >> unprivileged mounts: account user mounts >> unprivileged mounts: allow unprivileged bind mounts >> unprivileged mounts: allow unprivileged mounts >> unprivileged mounts: add sysctl tunable for "safe" property >> unprivileged mounts: make fuse safe >> unprivileged mounts: propagation: inherit owner from parent >> unprivileged mounts: add "no submounts" flag > > Hi Miklos, > > so on the bright side I pulled this tree today and it compiled and > passed ltp with no problems. > > But then I played around a bit and found I could do the following: > > (hmm, i'm trying to remember the exact order :) > > as root: > mmount --bind -o user=500 /home/hallyn/etc/ /home/hallyn/etc/ > mount --bind /mnt /mnt > mount --make-rshared /mnt > mount --bind /dev /mnt/dev > > as hallyn: > mmount --bind /mnt /home/hallyn/etc/mnt > /usr/src/mmount-0.3/mmount --bind mnt/dev mnt/src You are using relative directory names here which makes it confusing. I'm assuming you in /home/hallyn/etc ? > > Now /mnt/src contained /dev. > > Is this what we want? I don't think so. I think the simplest answer is to not allow mounting of shared subtrees controlled by a different user. Serge I think you are right downgrading the mount from shared to slave looks like the sane thing to do if the mount owners match. > Do we want to tell the admin it's his fault for > not somehow forcing a slave relationship between /mnt and > /home/hallyn/etc/mnt? Except I don't think he can do that preemptively, > it has to be done after hallyn does the mmount. > > So does that mean that if non-root user X does: > > mount a b > > where b is user=X but a is not, then if a is shared we should force it > to be mounted as slave at b? > > -serge -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists