[Devel] Re: [patch 0/8] unprivileged mount syscall
Miklos Szeredi
miklos at szeredi.hu
Fri Apr 6 23:48:20 PDT 2007
> On 4/6/07, H. Peter Anvin <hpa at zytor.com> wrote:
> > Jan Engelhardt wrote:
> > > On Apr 6 2007 16:16, H. Peter Anvin wrote:
> > >>>> - users can use bind mounts without having to pre-configure them in
> > >>>> /etc/fstab
> > >>>>
> > >> This is by far the biggest concern I see. I think the security implication of
> > >> allowing anyone to do bind mounts are poorly understood.
> > >
> > > $ whoami
> > > miklos
> > > $ mount --bind / ~/down_under
> > >
> > > later that day:
> > > # userdel -r miklos
> > >
> >
> > Consider backups, for example.
> >
>
> This is the reason why enforcing private namespaces for user mounts
> makes sense. I think it catches many of these corner cases.
Yes, disabling user bind mounts in the global namespace makes sense.
Enabling user fuse mounts in the global namespace still works though,
even if a little cludgy. All these nasty corner cases have been
thought through and validated by a lot of users.
Thanks,
Miklos
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list