Subject: Re: procfs & mount changes (was: ps /proc changes)
To: Greg A. Woods <email@example.com>
From: Brian C. Grayson <firstname.lastname@example.org>
Date: 03/29/1999 18:03:12

On Mon, Mar 29, 1999 at 04:32:40PM -0500, Andrew Brown wrote:
> how about yet another mount flag that signifies that no other mounts
> may be made on top of the named file system? so after all mounts have
> been done on a machine, a simple
>
>     mount -a -u -o nomount
>
> would render all filesystems un-overlayable. so to speak.

So, in this example, we'd have

    mount -o nomount -t procfs /proc /proc

That would solve the problem of someone mounting /fakeproc123
on top of /proc/123. But is it possible for the nomount to
prevent someone from doing:

    mount /myfakeroot /

(and thus obscure /proc completely, perhaps placing a fake one in place)

It seems like / would have to know about /proc's nomount to
keep things secure, which seems icky to me.
> (just random thought noise...)
Yep, same here.
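
The two cases raised in the message above, as a small model added here (not part of the original thread, and not NetBSD code). `nomount` is the hypothetical flag proposed in the thread; the mount table and the function names are constructed for illustration.

```python
import posixpath

# Constructed mount table: mount point -> flags. "nomount" is the hypothetical
# flag from the thread, not an existing mount option.
MOUNTS = {"/": set(), "/usr": set(), "/proc": {"nomount"}}

def is_within(path, root):
    """True if path equals root or lies beneath it."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or root == "/" or path.startswith(root + "/")

def owning_mount(target, mounts):
    """Longest mount point containing target, i.e. the fs the target lives on."""
    return max((m for m in mounts if is_within(target, m)), key=len)

def local_check(target, mounts):
    """Policy 1: refuse only when the filesystem holding target is nomount."""
    return "nomount" not in mounts[owning_mount(target, mounts)]

def covering_check(target, mounts):
    """Policy 2: also refuse when target would cover a nomount mount point.

    This is the "/ would have to know about /proc's nomount" case: the check
    has to look down the tree from the target, not just at the target's own fs.
    """
    if not local_check(target, mounts):
        return False
    return not any("nomount" in flags and is_within(m, target)
                   for m, flags in mounts.items())

if __name__ == "__main__":
    for target in ("/proc/123", "/", "/usr/local"):
        print(f"{target:12} local={local_check(target, MOUNTS)!s:5} "
              f"covering={covering_check(target, MOUNTS)}")
```

With the local check alone, a mount on /proc/123 is refused but a mount on / is still allowed, which is the gap the message describes; the covering check closes it by scanning every mount point beneath the target.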