[Devel] Re: [patch 0/8] unprivileged mount syscall
Eric Van Hensbergen
ericvh at gmail.com
Fri Apr 6 20:40:20 PDT 2007
On 4/6/07, H. Peter Anvin <hpa at zytor.com> wrote:
> Jan Engelhardt wrote:
> > On Apr 6 2007 16:16, H. Peter Anvin wrote:
> >>>> - users can use bind mounts without having to pre-configure them in
> >>>> /etc/fstab
> >>>>
> >> This is by far the biggest concern I see. I think the security implications of
> >> allowing anyone to do bind mounts are poorly understood.
> >
> > $ whoami
> > miklos
> > $ mount --bind / ~/down_under
> >
> > later that day:
> > # userdel -r miklos
> >
>
> Consider backups, for example.
>
This is the reason why enforcing private namespaces for user mounts
makes sense. I think it catches many of these corner cases.
-eric
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
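
A pre-flight check for the `userdel -r` case quoted above, added here as an illustration and not part of the original thread: it parses mountinfo-format text and reports any mount sitting inside a directory before a recursive delete or backup walks into it. The function names and the sample mount table are constructed for this example.

```python
import re
from pathlib import PurePosixPath

# Constructed sample in /proc/self/mountinfo format (not from the original thread).
SAMPLE_MOUNTINFO = r"""
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid shared:2 - proc proc rw
40 22 8:1 / /home/miklos/down_under rw,relatime shared:1 - ext4 /dev/sda1 rw
41 22 8:1 /srv/data /home/miklos/my\040data rw,relatime - ext4 /dev/sda1 rw
42 22 8:2 / /home/miklos2 rw,relatime shared:3 - ext4 /dev/sda2 rw
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \040 \011 \012 \134.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Return one dict per mount line; blank or malformed lines are skipped."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if "-" not in fields[6:]:
            continue
        sep = fields.index("-", 6)  # optional fields (shared:N, master:N) end here
        if len(fields) < sep + 3:
            continue
        mounts.append({
            "root": _unescape(fields[3]),        # subtree of the filesystem that is mounted
            "mount_point": _unescape(fields[4]),
            "propagation": fields[6:sep],        # empty list means a private mount
            "fstype": fields[sep + 1],
            "source": _unescape(fields[sep + 2]),
        })
    return mounts

def mounts_below(directory, mountinfo_text):
    """Mounts whose mount point lies strictly inside `directory`."""
    base = PurePosixPath(directory).parts
    hits = []
    for m in parse_mountinfo(mountinfo_text):
        parts = PurePosixPath(m["mount_point"]).parts
        # Compare path components, so /home/miklos2 is not "inside" /home/miklos.
        if len(parts) > len(base) and parts[:len(base)] == base:
            hits.append(m)
    return hits

def safe_to_recurse(directory, mountinfo_text):
    """True when a recursive delete or backup of `directory` crosses no mount."""
    return not mounts_below(directory, mountinfo_text)
```

On a live system, pass in the contents of `/proc/self/mountinfo`; that file lists only the mounts in the calling process's own mount namespace.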