The following reply was made to PR kern/29360; it has been noted by GNATS.
From: Elad Efrat <[email protected]>
To: Manuel Bouyer <[email protected]>
Cc: [email protected], [email protected],
Antti Kantee <[email protected]>
Subject: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
Date: Sun, 6 Sep 2009 13:02:02 -0400
On Sun, Sep 6, 2009 at 5:20 AM, Manuel Bouyer<[email protected]> wrote:
>> Does anyone see any drawbacks to this approach? If not, I'll change
>> the relevant code.
> Yes, that would mean a user could mount his own FS over e.g. /tmp, or
> /var/mail. that's bad.
Forgot about those world-writable-but-sticky directories. Righto. :)
> I think that checking the user owns the mount point is the right thing to do.
> I think a sysctl to control whenever to check for group ownerchip instead
> of user ownerchip would work, though. It's up to the admin to carefully
> choose a group for devices and mount points :)
I agree with Antti here about the sysctl, but I want to replace the
root check, eventually. What do you guys think about replacing the
owner/root check with a kauth action that does the same in a