Subject: Re: Mounting as read-write
To: None <port-i386@netbsd.org>
From: Wolfgang Solfrank <ws@tools.de>
List: port-i386
Date: 01/27/2004 20:56:25
Hi,
> But by doing this you are opening a can of worms:
>
> 1. mounting corrupted filesystems can lead to crashes.
> 2. a user can create a setuid binary on another system and run it on yours
> 3. a user can create a device [such as a raw disk] on his filesystem and
> thus get access to your devices.
>
> For 2,3 you can use an amd map that mounts nodev,nosuid and for 1, you
> can use the amd mount command to force an fsck. Not very nice but...
Of course, 2 and 3 are handled quite well by the mount system call itself.
Just have a look into vfs_syscalls.c, around line 200:

	/*
	 * Do not allow NFS export by non-root users. For non-root
	 * users, silently enforce MNT_NOSUID and MNT_NODEV, and
	 * MNT_NOEXEC if mount point is already MNT_NOEXEC.
	 */
	if (p->p_ucred->cr_uid != 0) {
		if (SCARG(uap, flags) & MNT_EXPORTED) {
			vput(vp);
			return (EPERM);
		}
		SCARG(uap, flags) |= MNT_NOSUID | MNT_NODEV;
		if (flag & MNT_NOEXEC)
			SCARG(uap, flags) |= MNT_NOEXEC;
	}

Ciao,
Wolfgang
--
ws@TooLs.DE Wolfgang Solfrank, TooLs GmbH
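
Added example, not part of the original message or of NetBSD: a small audit that reads mount(8) output and reports mounts made by a non-root user that lack nosuid or nodev, i.e. the state the kernel check quoted above is meant to rule out. It assumes lines of the form "<device> on <dir> type <fstype> (<options>)" with a "mounted by <user>" option on user mounts; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Audit mount(8) output for user mounts missing nosuid/nodev.
# Assumed line format (an assumption, adjust to your system):
#   <device> on <dir> type <fstype> (<opt>, <opt>, ..., mounted by <user>)
# Mount points containing spaces are not handled.

audit_user_mounts() {
    # Reads mount output on stdin and prints "<dir>: missing <flags>"
    # for each mount owned by a non-root user without nosuid or nodev.
    awk '
    {
        lp = index($0, "(")
        if (lp == 0) next                 # no option list on this line
        dir = $3
        opts = substr($0, lp + 1)
        sub(/\)[^)]*$/, "", opts)         # drop the closing parenthesis
        n = split(opts, o, /, */)
        owner = ""; nosuid = 0; nodev = 0
        for (i = 1; i <= n; i++) {
            if (o[i] == "nosuid") nosuid = 1
            else if (o[i] == "nodev") nodev = 1
            else if (o[i] ~ /^mounted by /) owner = substr(o[i], 12)
        }
        if (owner == "" || owner == "root") next   # only user mounts
        missing = ""
        if (!nosuid) missing = missing " nosuid"
        if (!nodev)  missing = missing " nodev"
        if (missing != "") print dir ": missing" missing
    }'
}

sample_mounts() {
    # Constructed sample input, not captured from a real system.
    cat <<'EOF'
/dev/wd0a on / type ffs (local)
/dev/fd0a on /home/alice/floppy type msdos (nosuid, nodev, local, mounted by alice)
/dev/cd0a on /home/bob/cd type cd9660 (read-only, local, mounted by bob)
EOF
}

# Stand-alone run over the constructed sample.
sample_mounts | audit_user_mounts
```

On a live system the same function can be fed with "mount | audit_user_mounts"; no output means every user mount carries both flags.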