Re: [PATCH] private mounts

>On Tue, Apr 26, 2005 at 03:00:10AM -0700, Andrew Morton wrote:
>> Not as thick as mine!  Could someone please explain in small words 
what's
>> wrong with an suid mount helper?
>
>Nothing per-se.  What makes it bad is the context of a userland 
filesystem
>where the actual filesystem operations in the mounted filesystem happen
>in context of a non-privileged user.

How did the fact that the file access system calls involve user-controlled 
code come into this?  I thought the FUSE kernel code already shielded the 
system from said code to everyone's satisfaction.

We've been talking, rather, about the namespace changes.  The exact same 
issue exists with a non-userspace filesystem where the user controls the 
filesystem contents.  For example, a filesystem on a user-supplied CD.  A 
system administrator -- personally or through his setuid proxy -- might 
want to mount this CD for the benefit of some users/processes/whatever but 
not add it to the global namespace.

The issue of private mounts (mount = namespace change) would be good to 
resolve separately from any problem with bringing user space code into the 
kernel.

BTW, since Miklos said "mount helper" and others have said "mount 
wrapper," I think some of us may not be familiar with mount helpers.  It's 
irrelevant to this discussion, but: util-linux 'mount' has a little-known 
feature wherein it can run a filesystem-type-specific program in a child 
process to do some of the mount function.  A "mount wrapper" would be the 
opposite -- a filesystem-type-specific program that runs the generic 
'mount' program in a child process.

--
Bryan Henderson                          IBM Almaden Research Center
San Jose CA                              Filesystems
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • Re: [PATCH] private mounts
    • From: Christoph Hellwig <[email protected]>

• Prev by Date: Re: [1/1] connector/CBUS: new messaging subsystem. Revision number next.
• Next by Date: Re: [PATCH] 2.4.30 PicoPower IRQ router
• Previous by thread: Re: [PATCH] private mounts
• Next by thread: Re: [PATCH] private mounts
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]