On Sat, Apr 30, 2005 at 11:22:48AM +0200, Miklos Szeredi wrote:
> > - virtual filesystems exporting kernel data are obviously safe as
> > they enforce permissions no matter who mounted them. (actually we'd
> > need to check for some odd mount options)
>
> Maybe sysadmin doesn't want to let users see /sys for example. How
> would you disable it if users can mount it themselfes? OK, you can
> disable user mounts completely, but that's probably not fine grained
> enough for some.
the sysadmin shouldn't do that. sysfs is needed for proper operation
in a modern system and there's nothing to hid in there.
> > - block-based filesystems should be safe as long as the mounter has
> > access to the underlying block device
>
> Not true if user controls the baking device (e.g. loopback).
I didn't say we should make using the loopback driver a non-privilegued
operation.
> Most
> block based filesystems are probably unsafe at the moment, because not
> enough consistency checking is done at runtime. Are things like
> non-cyclic directory graphs ensured by all filesystems? My guess is
> not. See also Linus' comment about the state of the iso9660
> filesystem:
>
> http://lwn.net/Articles/128744/
It just mean that a) the system admin should be careful what drivers are
loaded and b) we need to audit block based filesystems better.
Note that in many current distributions users can mount iso9660 filesystems
through user mount hacks already. Accessible to everyone and in the global
namespace.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]