Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: Bill Studenmund <firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 03/11/1999 18:52:49

On Thu, Mar 11, 1999 at 03:28:30PM -0800, Bill Studenmund wrote:
> On Thu, 11 Mar 1999, Bill Sommerfeld wrote:
> > Here's the interface I think makes sense for fixing this:
> > VOP_GETMNTFLAGS(vp)
> > .. returns the ored-together mount flags of the filesystem vp and any
> > filesystems vp is stacked on..
> > implementation for "leaf" filesystems just looks in the vfs structure.
> > mount_null, etc., or's its bits together with the one of the
> > underlying vnode..
> I think it would be simpler to just add the smarts into the mount
> commands. If each one along the way starts with the underlying fs's flags,
> adds ones it considers important, and only lets root delete flags, then we
> should be fine.

Um, that's how we got *in* this mess, at least with umapfs. If you're going
to let non-root users mount filesystems, you *can't* just "add the smarts
into the mount commands". The user can just build a mount command that
doesn't have the "smarts" in it, and you lose. The smarts *have* to go in

Thor Lancelot Simon firstname.lastname@example.org
"And where do all these highways go, now that we are free?"