Subject: Re: mount(2) on kauth(9)
To: None <elad@NetBSD.org>
From: YAMAMOTO Takashi <email@example.com>
Date: 12/31/2006 06:20:29
> YAMAMOTO Takashi wrote:
> >> yes. these are the current semantics. a different model may strictly
> >> deny mounts for non-root users, or just deny them altogether if they
> >> don't contain nodev/nosuid. (it would always check "only allow non-root
> >> mounts if dovfsusermount==1 and no privileged options were requested".)
> >> the problem here is that the semantics are just ugly. we could approach
> >> it differently: before we respect suid/dev (in kern_exec.c and
> >> spec_vnops.c - is that enough?) we could issue a KAUTH_SYSTEM_MOUNT_PRIV
> >> with the desired option. then the mount would not say it's nodev/nosuid,
> >> but would still ignore them.
> > do you mean to keep mount-time credential somewhere,
> > for later KAUTH_SYSTEM_MOUNT_PRIV?
> yeah. we'll have to keep the kauth_cred_t of the mounter in struct
> mount (note: this will have to be a copy, not a reference), then we
> could use these credentials in requests for whether or not to respect the
> suid bit, devices, etc.
> I think it's ugly. :)
what's the benefit of deferring the decision, rather than having
two additional kauth calls at mount time?