Subject: Re: Mounting as read-write
To: None <port-i386@netbsd.org>
From: Wolfgang Solfrank <ws@tools.de>
List: port-i386
Date: 01/27/2004 20:56:25
Hi,

> But by doing this you are opening a can of worms:
> 
> 1. mounting corrupted filesystems can lead to crashes.
> 2. a user can create a setuid binary on another system and run it on yours
> 3. a user can create a device [such as a raw disk] on his filesystem and
>    thus get access to your devices.
> 
> For 2,3 you can use an amd map that mounts nodev,nosuid and for 1, you
> can use the amd mount command to force an fsck. Not very nice but...

Of course, 2 and 3 are handled quite well by the mount system call itself.
Just have a look into vfs_syscalls.c, around line 200:

                 /*
                  * Do not allow NFS export by non-root users. For non-root
                  * users, silently enforce MNT_NOSUID and MNT_NODEV, and
                  * MNT_NOEXEC if mount point is already MNT_NOEXEC.
                  */
                 if (p->p_ucred->cr_uid != 0) {
                         if (SCARG(uap, flags) & MNT_EXPORTED) {
                                 vput(vp);
                                 return (EPERM);
                         }
                         SCARG(uap, flags) |= MNT_NOSUID | MNT_NODEV;
                         if (flag & MNT_NOEXEC)
                                 SCARG(uap, flags) |= MNT_NOEXEC;
                 }


Ciao,
Wolfgang
-- 
ws@TooLs.DE				Wolfgang Solfrank, TooLs GmbH
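As an added illustration (not part of the original mail, and not NetBSD's own code), the policy quoted from vfs_syscalls.c above can be modelled as a small pure function and exercised with the cases the thread discusses: a non-root mount silently gains MNT_NOSUID and MNT_NODEV, inherits MNT_NOEXEC from the mount point, and is refused with EPERM if it asks for MNT_EXPORTED, while root is left untouched. The MNT_* bit values below are local placeholders (an assumption for portability), not the real <sys/mount.h> definitions, and the function name is hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Placeholder bit values (assumption): NetBSD's real MNT_* constants live in
 * <sys/mount.h>; only the set/test logic matters for this model. */
#define MNT_NOSUID    0x01u
#define MNT_NODEV     0x02u
#define MNT_NOEXEC    0x04u
#define MNT_EXPORTED  0x08u

/*
 * Model of the non-root branch in the mount(2) implementation quoted above.
 *   uid        - caller's effective uid (cr_uid)
 *   requested  - flags passed by the caller (SCARG(uap, flags))
 *   mp_flags   - flags already in force on the mount point (flag)
 * Returns the effective mount flags (>= 0), or -EPERM when a non-root user
 * tries to export the filesystem.
 */
long effective_user_mount_flags(uint32_t uid, uint32_t requested,
                                uint32_t mp_flags)
{
    uint32_t flags = requested;

    if (uid != 0) {
        /* Do not allow NFS export by non-root users. */
        if (flags & MNT_EXPORTED)
            return -EPERM;
        /* Silently enforce nosuid,nodev: closes points 2 and 3 of the thread
         * (foreign setuid binaries and user-created device nodes). */
        flags |= MNT_NOSUID | MNT_NODEV;
        /* A noexec mount point cannot be "re-opened" by mounting over it. */
        if (mp_flags & MNT_NOEXEC)
            flags |= MNT_NOEXEC;
    }
    return (long)flags;
}

/* Walk through the cases discussed in the thread. */
int main(void)
{
    struct { uint32_t uid, req, mp; const char *what; } cases[] = {
        { 1000, 0,            0,          "user, plain mount" },
        { 1000, 0,            MNT_NOEXEC, "user, mount point is noexec" },
        { 1000, MNT_EXPORTED, 0,          "user, asks for MNT_EXPORTED" },
        { 0,    0,            MNT_NOEXEC, "root, plain mount" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        long r = effective_user_mount_flags(cases[i].uid, cases[i].req,
                                            cases[i].mp);
        if (r < 0)
            printf("%-30s -> EPERM\n", cases[i].what);
        else
            printf("%-30s -> flags 0x%02lx%s%s%s\n", cases[i].what, r,
                   (r & MNT_NOSUID) ? " nosuid" : "",
                   (r & MNT_NODEV)  ? " nodev"  : "",
                   (r & MNT_NOEXEC) ? " noexec" : "");
    }
    return 0;
}
```

The useful point for an administrator is the last case: the kernel adds nothing for root, so the amd-map approach from the quoted mail is still what protects you when the mounts are performed by a root-owned daemon rather than by the user directly.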