Subject: Re: mount(2) on kauth(9)
To: YAMAMOTO Takashi <firstname.lastname@example.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 12/30/2006 23:06:59
YAMAMOTO Takashi wrote:
>> yes. these are the current semantics. a different model may strictly
>> deny mounts for non-root users, or just deny them altogether if they
>> don't contain nodev/nosuid. (it would always check "only allow non-root
>> mounts if dovfsusermount==1 and no privileged options were requested".)
>> the problem here is that the semantics are just ugly. we could approach
>> it differently: before we respect suid/dev (in kern_exec.c and
>> spec_vnops.c - is that enough?) we could issue a KAUTH_SYSTEM_MOUNT_PRIV
>> with the desired option. then the mount would not say it's nodev/nosuid,
>> but would still ignore them.
> do you mean to keep mount-time credential somewhere,
> for later KAUTH_SYSTEM_MOUNT_PRIV?
yeah. we'll have to keep the kauth_cred_t of the mounter in struct
mount (note: this will have to be a copy, not a reference), then we
could use these credentials in requests to decide whether or not to
respect the suid bit, devices, etc.
I think it's ugly. :)
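A stand-alone model of the deferred check described in this message, added here as an illustration and not code from the thread or from NetBSD: the struct, the flag values and mount_priv_ok() are stand-ins for kauth_cred_t, struct mount and the proposed KAUTH_SYSTEM_MOUNT_PRIV request, and the root-only policy inside mount_priv_ok() is an assumption. It shows the mount keeping the options as requested while the suid/dev decision is made later against a copy of the mounter's credential.

```c
/* Constructed model of the proposed mount/kauth semantics; not kernel code.
 * Types, flag values and names are stand-ins for the real NetBSD ones. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

#define MNT_NOSUID 0x01u          /* constructed flag values */
#define MNT_NODEV  0x02u

typedef struct { uint32_t euid; } cred_t;   /* stand-in for kauth_cred_t */

struct mount {
    unsigned flags;               /* options exactly as the mounter asked */
    cred_t   mounter;             /* COPY of the mounter's credential */
};

int dovfsusermount = 1;           /* models the usermount sysctl */

/* Stand-in for the proposed KAUTH_SYSTEM_MOUNT_PRIV request: may this
 * credential have a privileged option (suid/dev) honoured?  Assumed
 * policy: only root. */
static bool mount_priv_ok(const cred_t *cr) { return cr->euid == 0; }

/* Mount time: non-root mounts need usermount enabled, but privileged
 * options are neither rejected nor rewritten to nosuid/nodev here;
 * the decision is deferred to use time. */
int do_mount(struct mount *mp, const cred_t *cr, unsigned requested)
{
    if (!mount_priv_ok(cr) && !dovfsusermount)
        return EPERM;
    mp->flags = requested;
    mp->mounter = *cr;            /* copy: later changes to cr must not leak in */
    return 0;
}

/* Use time: what kern_exec.c would ask before honouring a setuid bit. */
bool honor_suid(const struct mount *mp)
{
    if (mp->flags & MNT_NOSUID) return false;
    return mount_priv_ok(&mp->mounter);
}

/* Use time: what spec_vnops.c would ask before honouring a device node. */
bool honor_dev(const struct mount *mp)
{
    if (mp->flags & MNT_NODEV) return false;
    return mount_priv_ok(&mp->mounter);
}
```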