| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87a9kkax0j.fsf@xmission.com> Date: Wed, 14 Aug 2013 12:32:44 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Miklos Szeredi <miklos@...redi.hu> Cc: "Serge E. Hallyn" <serge@...lyn.com>, Al Viro <viro@...iv.linux.org.uk>, Linux-Fsdevel <linux-fsdevel@...r.kernel.org>, Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: DoS with unprivileged mounts Miklos Szeredi <miklos@...redi.hu> writes: > There's a simple and effective way to prevent unlink(2) and rename(2) > from operating on any file or directory by simply mounting something > on it. In any mount instance in any namespace. > > Was this considered in the unprivileged mount design? The focus was on not fooling privileged applications and some of the secondary effects that really should have been thought about in more depth were like this one were overlooked. > The solution is also theoretically simple: mounts in unpriv namespaces > are marked "volatile" and are dissolved on an unlink type operation. > > Such volatile mounts would be useful in general too. Agreed. This is a problem that is a general pain with mount namespaces in general. I think the real technical hurdle is finding the mounts t in some random mount namespace. Once we can do that relatively efficiently the rest becomes simple. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists