Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: Jason Thorpe <thorpej@lestat.nas.nasa.gov>
From: Bill Studenmund <wrstuden@nas.nasa.gov>
List: tech-kern
Date: 03/11/1999 15:11:59

On Thu, 11 Mar 1999, Jason Thorpe wrote:
> On Thu, 11 Mar 1999 20:47:19 +0100
> Manuel Bouyer <bouyer@antioche.lip6.fr> wrote:
>
> > And they will be back if a MNT_UPDATE is done on the lower FS.
> > We need a way to track flags that have been deleted by an update.
>
> You could have the top layer look at the bottom layer's mount flags
> when a vfs or vn op happens...

I think that's a bad idea. Checking each op will be expensive, given that
flag changes are rare. Also, there's the problem that I think the idea of
a root nullfs mount which has fewer restrictions than the layer on which
it's loaded is reasonable (If root wants to hang him/herself, ok :-)

Am I correct in assuming that filesystems never spontaneously add noexec,
nodev, etc.? So if the settings on the lower part of an overlay fs are
changed, it's root's doing?

If so, then all we need to do is add the protections to the mount call.
These bits should be checked both on mount and on a mount update.

If you change the permissions on an fs which has fs's layered over it, then
just do a mount -u /whatever, and all should be well.

Take care,

Bill