> I tried the unprivileged mount v5 patches with 2.6.21.1. I made some > experiments with normal filesystems (ext3, xfs, iso9660). I removed the > FS_SAFE checks for that.
Thanks for looking at this. > Mounting and umounting as unprivileged user (user1) works, e.g. > (/mnt/user1 is a mount owned by user1) > > [EMAIL PROTECTED] ~]$ mmount -t xfs /dev/mapper/vg00-test /mnt/user1 > > But the device permissions are ignored. The unprivileged user can mount > the block device even there are no permissions to access it: > > brw------- 1 root root 253, 5 Apr 29 18:32 /dev/mapper/vg00-test Yes, I'm aware of this. Before we enable FS_SAFE for block filesystems, this must be addressed. But I'm not sure _if_ we'll ever want this. It is very likely that there are some other security holes in most filesystems that are difficult to address. One example is checking for hard-linked directories, which is normally only done during an fsck. > And there is another problem with sharing the device (superblock?). > If user1 mount a device readonly: > > [EMAIL PROTECTED] ~]$ mmount -r -t xfs /dev/mapper/vg00-test /mnt/user1 > > Than root cannot mount the device rw: > > [EMAIL PROTECTED] ~]# mount /dev/mapper/vg00-test /mnt/test/ > mount: /dev/mapper/vg00-test already mounted or /mnt/test/ busy > > Mounting ro works and than remounting rw work. But than /mnt/user1 is rw > too. > > This can DoS e.g. the automounter mounting /dev/mapper/vg00-test rw. Right. There are patches for enabling per-mount read-only, but this shows well, that unprivileged block device mounts are far from trivial. Miklos - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
