netbsd-bugs@netbsd.org

Re: kern/29360: vfs.generic.usermount and mount(8) general questions

Subject: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
From: Elad Efrat
Date: Sun, 06 Sep 2009 17:05:16 UTC
Newsgroups: fa.netbsd.bugs

The following reply was made to PR kern/29360; it has been noted by GNATS.

From: Elad Efrat <elad@xxxxxxxxxx>
To: Manuel Bouyer <bouyer@xxxxxxxxxxxxxxx>
Cc: gnats-bugs@xxxxxxxxxx, tech-kern@xxxxxxxxxx, 
        Antti Kantee <pooka@xxxxxxxxxx>
Subject: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
Date: Sun, 6 Sep 2009 13:02:02 -0400

 On Sun, Sep 6, 2009 at 5:20 AM, Manuel Bouyer <bouyer@xxxxxxxxxxxxxxx> wrote:
 
 >> Does anyone see any drawbacks to this approach? If not, I'll change
 >> the relevant code.
 >
 > Yes, that would mean a user could mount his own FS over e.g. /tmp, or
 > /var/mail. That's bad.
 
 Forgot about those world-writable-but-sticky directories. Righto. :)
 
 > I think that checking the user owns the mount point is the right thing to do.
 > I think a sysctl to control whether to check for group ownership instead
 > of user ownership would work, though. It's up to the admin to carefully
 > choose a group for devices and mount points :)
 
 I agree with Antti here about the sysctl, but I want to replace the
 root check, eventually. What do you guys think about replacing the
 owner/root check with a kauth action that does the same in a
 bsd44-suser listener?
 
 Thanks,
 
 -e.
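
Added example, not code from this thread or from NetBSD: a user-space model of the mount-point check discussed above, showing why a world-writable sticky directory such as /tmp passes a write-permission test but fails an ownership test. The policy names and helper functions are hypothetical, the write-permission policy is an assumption about the approach being objected to, and only the primary group is compared.

```c
#define _XOPEN_SOURCE 700   /* expose S_IFDIR and the permission bit macros */
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Hypothetical policy names for this model; not NetBSD identifiers. */
enum mount_policy { POLICY_WRITABLE, POLICY_OWNER, POLICY_GROUP };

/* Classic Unix write-permission test against a directory's stat data. */
static bool can_write(const struct stat *st, uid_t uid, gid_t gid)
{
    if (st->st_uid == uid) return (st->st_mode & S_IWUSR) != 0;
    if (st->st_gid == gid) return (st->st_mode & S_IWGRP) != 0;
    return (st->st_mode & S_IWOTH) != 0;
}

/* May (uid, gid) mount over the directory described by st under policy p? */
bool may_mount_over(const struct stat *st, uid_t uid, gid_t gid,
                    enum mount_policy p)
{
    if (!S_ISDIR(st->st_mode)) return false;
    if (uid == 0) return true;                 /* the existing root check */
    switch (p) {
    case POLICY_WRITABLE: return can_write(st, uid, gid);
    case POLICY_OWNER:    return st->st_uid == uid;
    case POLICY_GROUP:    return st->st_gid == gid;  /* sysctl variant */
    }
    return false;
}

/* Build constructed stat data for a directory; no filesystem access. */
struct stat sample_dir(uid_t owner, gid_t group, mode_t perms)
{
    struct stat st = {0};
    st.st_uid = owner;
    st.st_gid = group;
    st.st_mode = S_IFDIR | perms;
    return st;
}

int main(void)
{
    struct stat tmp = sample_dir(0, 0, 01777);   /* constructed: like /tmp */
    printf("writable policy: %d, owner policy: %d\n",
           may_mount_over(&tmp, 1000, 100, POLICY_WRITABLE),
           may_mount_over(&tmp, 1000, 100, POLICY_OWNER));
    return 0;
}
```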
 
