Re: unprivileged mounts git tree

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Serge E. Hallyn

Subject: Re: unprivileged mounts git tree

Date: Wednesday, September 3, 2008 - 3:43 pm

Quoting Miklos Szeredi (miklos@szeredi.hu):
quoted text> On Wed, 3 Sep 2008, Serge E. Hallyn wrote:
> > Ooh.
> > 
> > You predicate the turning of shared mount to a slave mount on
> > !capable(CAP_SYS_ADMIN).  But in fact it's the mount by a privileged
> > user, turning the mount into a user mount, which you want to convert.
> > So my series of steps was:
> > 
> > 	as root:
> > 		(1) mount --bind /mnt /mnt
> > 		(2) mount --make-rshared /mnt
> > 		(3) /usr/src/mmount-0.3/mmount --bind -o user=hallyn /mnt \
> > 			/home/hallyn/etc/mnt
> > 	as hallyn:
> > 		(4) mount --bind /usr /home/hallyn/etc/mnt/usr
> > 
> > You are turning mounts from shared->slave at step 4, but in fact we need
> > to do it at step 3, where we do have CAP_SYS_ADMIN.
> 
> Well, that's arguable: I think root should be able to shoot itself in
> the foot by doing step 3.

Maybe I'm not thinking right, but long-term is there any reason why we
should require privilege in order to do step 3, so long as the user has
read access to the source and write access to the destination?

I don't think there is.  Other than this glitch.  That's a powerful
reason to fix the glitch.

The other argument is that, frankly, I think most people are still
either unaware of, or confused by, mounts propagation.  Letting root
shoot himself in the foot is reasonable only to a point.

quoted text> Generally we don't restrict what root can
> do.  OTOH I agree that current behavior is ugly in that it provides
> different semantics for privileged/non-privileged callers.
> 
> Perhaps it would be cleaner to simply not allow step 4, instead of
> playing tricks with changing the propagation type.

If the user or admin can simply (I haven't tested)

	mmount --bind --make-rslave -o user=hallyn /mnt \
		/home/hallyn/etc/mnt

then returning -EPERM if --make-rslave was not provided is reasonable
IMO.

-serge
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

unprivileged mounts git tree, Miklos Szeredi, (Wed May 7, 5:05 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Aug 7, 3:27 pm)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Aug 7, 5:07 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Aug 7, 5:25 pm)

Re: unprivileged mounts git tree, Miklos Szeredi, (Mon Aug 25, 4:01 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Aug 27, 8:36 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Wed Aug 27, 8:55 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Aug 27, 11:46 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Wed Sep 3, 11:45 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Sep 3, 2:54 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Sep 3, 3:02 pm)

Re: unprivileged mounts git tree, Miklos Szeredi, (Wed Sep 3, 3:25 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Wed Sep 3, 3:43 pm)

Re: unprivileged mounts git tree, Miklos Szeredi, (Wed Sep 3, 11:42 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 6:28 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 7:06 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 8:40 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 9:17 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 10:42 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 10:48 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 11:03 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 11:49 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 4, 3:26 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 4, 4:32 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Fri Sep 5, 8:31 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Tue Sep 9, 6:34 am)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Sep 11, 3:37 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 11, 7:43 am)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Thu Sep 11, 8:20 am)

Re: unprivileged mounts git tree, Miklos Szeredi, (Thu Sep 11, 8:44 am)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Sep 11, 11:54 am)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Sep 11, 12:04 pm)

Re: unprivileged mounts git tree, Eric W. Biederman, (Thu Sep 11, 12:58 pm)

Re: unprivileged mounts git tree, Serge E. Hallyn, (Fri Sep 12, 3:08 pm)

Re: unprivileged mounts git tree, Eric W. Biederman, (Fri Sep 12, 8:12 pm)

Re: unprivileged mounts git tree<