Subject: Re: Mount permissions
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Chris G. Demetriou <email@example.com>
Date: 01/24/2000 08:12:23
Jonathan Stone <jonathan@DSG.Stanford.EDU> writes:
> Like the kernel enforcing non-root mounts get nodev,nosuid, and
> whatever else a well-behaved wrapper enforces. If the "whatever else"
> varies with local policy or taste, the wrapper seems better than
> putting policy hooks into the kernel.
Certianly, I know people who'd want 'noexec' to be a part of any such
flags (though typically I would not).
Some things do require kernel support, though: e.g. I'd like to see a
way to do user-mountable file systems which include nodev,nosuid, but
which the mounting user can do anything do, including create files as
other UIDs and even make them set-id. (It'd be Nice to be able to
make file system images without needing root.)
Chris Demetriou - firstname.lastname@example.org - http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.