Re: [patch 7/8] allow unprivileged mounts

From: Shaya Potter
Date: Sat Apr 21 2007 - 20:47:58 EST

Next message: Gene Heskett: "Re: [patch] CFS scheduler, v4"
Previous message: Arnd Bergmann: "Re: [PATCH 2/8] Kconfig: unwanted menus for s390."
In reply to: Eric W. Biederman: "Re: [patch 7/8] allow unprivileged mounts"
Next in thread: Miklos Szeredi: "[patch 4/8] propagate error values from clone_mnt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrew Morton wrote:

On Fri, 20 Apr 2007 12:25:39 +0200 Miklos Szeredi <miklos@xxxxxxxxxx> wrote:

Define a new fs flag FS_SAFE, which denotes, that unprivileged
mounting of this filesystem may not constitute a security problem.

Since most filesystems haven't been designed with unprivileged
mounting in mind, a thorough audit is needed before setting this flag.

Practically speaking, is there any realistic likelihood that any filesystem
apart from FUSE will ever use this?

Would it be interesting to support mounting of external file systems (be it USB, NFS or whatever) in a way that automatically forces it to ignore suid and devices (which are already mount time options)? The question I guess is, how much do you gain over a setuid program (hack?) that can handle this?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Gene Heskett: "Re: [patch] CFS scheduler, v4"
Previous message: Arnd Bergmann: "Re: [PATCH 2/8] Kconfig: unwanted menus for s390."
In reply to: Eric W. Biederman: "Re: [patch 7/8] allow unprivileged mounts"
Next in thread: Miklos Szeredi: "[patch 4/8] propagate error values from clone_mnt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]