Re: [patch 0/8] unprivileged mount syscall

On 4/6/07, H. Peter Anvin <[email protected]> wrote:

Jan Engelhardt wrote:
> On Apr 6 2007 16:16, H. Peter Anvin wrote:
>>>> - users can use bind mounts without having to pre-configure them in
>>>> /etc/fstab
>>>>
>> This is by far the biggest concern I see.  I think the security implication of
>> allowing anyone to do bind mounts are poorly understood.
>
> $ whoami
> miklos
> $ mount --bind / ~/down_under
>
> later that day:
> # userdel -r miklos
>

Consider backups, for example.


This is the reason why enforcing private namespaces for user mounts
makes sense.  I think it catches many of these corner cases.

         -eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [patch 0/8] unprivileged mount syscall
  - From: Miklos Szeredi <[email protected]>

References:
- Re: [patch 0/8] unprivileged mount syscall
  - From: Andrew Morton <[email protected]>
- Re: [patch 0/8] unprivileged mount syscall
  - From: "H. Peter Anvin" <[email protected]>
- Re: [patch 0/8] unprivileged mount syscall
  - From: Jan Engelhardt <[email protected]>
- Re: [patch 0/8] unprivileged mount syscall
  - From: "H. Peter Anvin" <[email protected]>

Prev by Date: Re: Reiser4. BEST FILESYSTEM EVER.
Next by Date: Re: [PATCH resend][CRYPTO]: RSA algorithm patch
Previous by thread: Re: [patch 0/8] unprivileged mount syscall
Next by thread: Re: [patch 0/8] unprivileged mount syscall
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]