Re: [RCF] [PATCH] unprivileged mount/umount

On Fri, May 13, 2005 at 07:47:07 +0200, Miklos Szeredi wrote:
> > >    2) Not giving up suid for cloned and propagated mounts, but having
> > >       extra limitations (suid/sgid programs cannot access unprivileged
> > >       "synthetic" mounts)
> > 
> > (2) isn't realistic.  There's no such thing as a suid program.  Suid is a 
> > characteristic of a _file_.  There's no way to know whether a given 
> > executing program is running with privileges that came from a suid file 
> > getting exec'ed.  Bear in mind that that exec could be pretty remote -- 
> > done by a now-dead ancestor with three more execs in between.
> > 
> > Many user space programs contain hacks to try to discern this information, 
> > and they often cause me headaches and I have to fix them.  The usual hacks 
> > are euid==uid, euid==suid, and/or euid==0.  It would be an order of 
> > magnitude worse for the kernel to contain such a hack.
> 
> Guess what?  It's already there.  Look in ptrace_attach() in
> kernel/ptrace.c
> 
> You could argue about the usefulness of ptrace.  The point is, that
> suid/sgid programs _can_ be discerned, and ptrace _needs_ to discern
> them.

I actually neither needs to, nor does. For ptrace the definition is:
    If the tracee has different privilegies, than the tracer, than it
    can't be traced.

For this definition, the check is not a hack. It's the only way to go.

Now this definition is really what is needed for the filesystem case
too, so I think it's not a hack either. 

> And for the same reason, user controlled filesystems also need to do
> this check.  See Documentation/filesystems/fuse.txt in -mm and later
> discussion in this thread for more information.

-------------------------------------------------------------------------------
						 Jan 'Bulb' Hudec <[email protected]>

Attachment: signature.asc
Description: Digital signature

---

• Follow-Ups:
  • Re: [RCF] [PATCH] unprivileged mount/umount
    • From: Miklos Szeredi <[email protected]>

• References:
  • Re: [RCF] [PATCH] unprivileged mount/umount
    • From: Bryan Henderson <[email protected]>
  • Re: [RCF] [PATCH] unprivileged mount/umount
    • From: Miklos Szeredi <[email protected]>

• Prev by Date: Re: [RFC] (How to) Let idle CPUs sleep
• Next by Date: Re: 2.6.12-rc4-mm1
• Previous by thread: Re: [RCF] [PATCH] unprivileged mount/umount
• Next by thread: Re: [RCF] [PATCH] unprivileged mount/umount
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]