Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: Bill Studenmund <email@example.com>
From: Thor Lancelot Simon <firstname.lastname@example.org>
Date: 03/11/1999 18:50:44
On Thu, Mar 11, 1999 at 03:11:59PM -0800, Bill Studenmund wrote:
> On Thu, 11 Mar 1999, Jason Thorpe wrote:
> > On Thu, 11 Mar 1999 20:47:19 +0100
> > Manuel Bouyer <email@example.com> wrote:
> > > And they will be back if a MNT_UPDATE is done on the lower FS.
> > > We need a way to track flags that have been deleted by a update.
> > You could have the top layer look at the bottom layer's mount flags
> > when a vfs or vn op happens...
> I think that's a bad idea. Checking each op will be expensive, given that
> flag changes are rare. Also, there's the problem that I think the idea of
> a root nullfs mount which has fewer restrictions than the layer on which
> it's loaded is reasonable (If root wants to hang him/herself, ok :-)
I do not.
Limiting how much damage root can do is *precisely the purpose* of some of
the mount flags we're talking about, at least the way I see it.