Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: None <firstname.lastname@example.org>
From: Jason Thorpe <email@example.com>
Date: 03/11/1999 11:13:11
On Thu, 11 Mar 1999 16:52:50 +0100 (MET)
Manuel Bouyer <firstname.lastname@example.org> wrote:
> It is possible for a normal user to bypass the 'noexec' mount flag,
> by using a null mount on a directory owned by itself.
> Workaround: assure no regular user can execute a binary in a partition
> they can write (what's the purpose of 'noexec' otherwise ?), and
> supress read/execute permissions on /sbin/mount_* for all but owner.
nullfs mounts (and any other `stacked' types... HI WRSTUDEN! :-) should
inherit `noexec', `nosuid', etc. attributes from the bottom layer. If
those attributes are changed, the stacked mount should notice.
> A long term fix needs to change the semantic of mount for non-root
> - mounts for non-root users are always 'noexec' (as they already are
> 'nodev, nosuid'), possibly dependant on the kernel security level
No, that's lame... I might, for example, have shell scripts on the floppy
that I mount in my laptop (and ttyaction chowns the floppy drive to me
when I log in).
> - or inherit the noexec flag from the partition the target directory
> will be mounted on.
...yes :-) And `nosuid' and `nodev', etc. :-)
-- Jason R. Thorpe <email@example.com>