On Sat, 2006-06-17 at 01:29 +0200, Grzegorz Kulewski wrote:
> Isn't this some kind of security risk (at least in my planned use)? I mean
> - for a small fraction of second somebody seeing /dest can write
> /source... No?
I assume you're talking about this kind of situation:
mount --bind /local/writable/dir /chroot/untrusted/area/
mount --o remount,ro /chroot/untrusted/area/
Where there is a window where someone in the chroot can write into the
local directory. Yes. There would be a race there.
However, you can also do the following, which will have no window. It
has a few more steps, but it is a much simpler thing to deal with in the
kernel. Believe me, it starts to get ugly when you try to handle
permission and flag changes at mount time. Keeping --bind'ing as *just*
a simple "copy the source mount" operation makes the implementation very
much simpler.
This has no r/w window in the chroot area:
mount --bind /local/writable/dir /tmp/area/
mount --o remount,ro /tmp/area/
mount --bind /tmp/area/ /chroot/untrusted/area/
umount /tmp/area/
-- Dave
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
