On Fri, 16 Jun 2006, Dave Hansen wrote:
On Sat, 2006-06-17 at 01:29 +0200, Grzegorz Kulewski wrote:
Isn't this some kind of security risk (at least in my planned use)? I mean
- for a small fraction of second somebody seeing /dest can write
/source... No?
I assume you're talking about this kind of situation:
mount --bind /local/writable/dir /chroot/untrusted/area/
mount --o remount,ro /chroot/untrusted/area/
Well, actually about some kind of VPS: openvz or something like that. But
yes, this is the same kind of scenario.
This has no r/w window in the chroot area:
mount --bind /local/writable/dir /tmp/area/
mount --o remount,ro /tmp/area/
mount --bind /tmp/area/ /chroot/untrusted/area/
umount /tmp/area/
Well, it looks a little scarry and complicated at first. And probably
requires you to know that semantic of --bind lets you do the last unmount.
But if you are saying that this makes kernel smaller, faster and less
buggy then you are probably very right.
Thank you for your explanation,
Grzegorz Kulewski
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
