Re: -mm -> 2.6.13 merge status (fuse)

From: Eric Van Hensbergen
Date: Wed Jun 22 2005 - 12:12:56 EST


On 6/22/05, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:
> > 1) only allow users to mount/bind on directories/files where they
> > have unconditional write access.
>
> Like say /tmp. Build a bizarre behaving /tmp and I can do funky stuff
> with some third party suid apps. It's a good start but you probably want
> a stronger policy and one enforced by the user space side not kernel (eg
> "Below ~")
>

Well in the original discussions Miklos had classified directories
that had the sticky bit set (such as /tmp) as out-of-bounds for
user-mounts. However, it's a point well taken. I had originally
proposed having some sort of a policy file (sort of like an extended
fstab with regular expressions) to give more granular control over
where users could and couldn't mount (along with what types of
devices, network servers, and file systems they could mount from).
However, this leans more towards the "super-mount" suid-application
which I think many found undesirable. An alternative would be some
way for the kernel to consult with an application about different
mount policies. I don't know what the right thing is here.

> > 2) enforce NOSUID mount options on user-mounts
>
> 2 is unnecessarily crude. Just enforce suid owner/owner group.
>

I'm dense this morning, not sure what you mean here.

-eric
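
The mount-point rules discussed in this message (below the user's home, no sticky-bit directories, writable by the requesting user) can be sketched as a user-space check. This is an added example, not code from the thread or from FUSE; `check_mountpoint` and `demo` are hypothetical names, the directory layout is constructed, and "unconditional write access" is assumed to mean owner plus owner write bit.

```python
import os
import stat
import tempfile


def check_mountpoint(path, home, uid):
    """Return (allowed, reason) for a user-mount request on `path`."""
    real = os.path.realpath(path)        # resolve symlinks before comparing
    real_home = os.path.realpath(home)
    if os.path.commonpath([real, real_home]) != real_home:
        return False, "outside home"     # the "Below ~" rule
    try:
        st = os.stat(real)
    except OSError:
        return False, "cannot stat"
    if not stat.S_ISDIR(st.st_mode):
        return False, "not a directory"
    if st.st_mode & stat.S_ISVTX:
        return False, "sticky directory"  # /tmp-style directories are out of bounds
    # Assumption: "unconditional write access" is read as owner + owner write bit.
    if st.st_uid != uid or not st.st_mode & stat.S_IWUSR:
        return False, "not owner-writable"
    # Not shown: closing the race between this check and the actual mount.
    return True, "ok"


def demo():
    """Build a constructed directory layout and check each candidate."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "home")
        outside = os.path.join(base, "outside")
        ok = os.path.join(home, "mnt")
        sticky = os.path.join(home, "shared")
        link = os.path.join(home, "link")
        for d in (home, outside, ok, sticky):
            os.mkdir(d)
        os.chmod(sticky, 0o1777)
        os.symlink(outside, link)         # symlink escaping the home tree
        uid = os.getuid()
        return {name: check_mountpoint(p, home, uid)
                for name, p in (("ok", ok), ("sticky", sticky),
                                ("link", link), ("outside", outside))}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```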