> > Hi,
> >
> > I notice that in 2.3.99pre9 and newer, the system call mount(2) will under
> > some circumstances allow unprivileged users to mount things.
> Yes, it does.
> > Can anyone elaborate on what precisely we allow and why? Despite being
> > named "do_loopback", it looks like a simple aliasing mechanism.
> Yes, it is, and yes, it happened to be simple after some work ;-)
> > At the very least, mount_is_safe() would seem to be missing a check for
> > write permission on the parent directory of the mount-point.
> Hmm... What's the problem with the situation when you have write permissions
> on mountpoint but not on its parent? MAY_WRITE on mountpoint is checked,
> unless I've really fscked up. Comments on security implications are more
> than welcome - the variant I've done was, basically, "can we reach the
> thing to be mounted anyway and can we already do whatever we want with the
> contents of the mountpoint?"

[I did not take a look but:]

Well, there's no other way to make a directory under /tmp with an nlink
count of 1. (afs should do this trick). I do not know if there are
security implications of this, but there may be. At least it is "yet
another way for hardlink".

I'm "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents me at

