| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 04 Sep 2008 00:25:11 +0200 From: Miklos Szeredi <miklos@...redi.hu> To: serue@...ibm.com CC: miklos@...redi.hu, ebiederm@...ssion.com, akpm@...ux-foundation.org, hch@...radead.org, viro@...IV.linux.org.uk, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: unprivileged mounts git tree On Wed, 3 Sep 2008, Serge E. Hallyn wrote: > Ooh. > > You predicate the turning of shared mount to a slave mount on > !capable(CAP_SYS_ADMIN). But in fact it's the mount by a privileged > user, turning the mount into a user mount, which you want to convert. > So my series of steps was: > > as root: > (1) mount --bind /mnt /mnt > (2) mount --make-rshared /mnt > (3) /usr/src/mmount-0.3/mmount --bind -o user=hallyn /mnt \ > /home/hallyn/etc/mnt > as hallyn: > (4) mount --bind /usr /home/hallyn/etc/mnt/usr > > You are turning mounts from shared->slave at step 4, but in fact we need > to do it at step 3, where we do have CAP_SYS_ADMIN. Well, that's arguable: I think root should be able to shoot itself in the foot by doing step 3. Generally we don't restrict what root can do. OTOH I agree that current behavior is ugly in that it provides different semantics for privileged/non-privileged callers. Perhaps it would be cleaner to simply not allow step 4, instead of playing tricks with changing the propagation type. Miklos -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists