Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: Thor Lancelot Simon <>
From: Bill Studenmund <>
List: tech-security
Date: 03/11/1999 16:17:55
On Thu, 11 Mar 1999, Thor Lancelot Simon wrote:
> > I think it would be simpler to just add the smarts into the mount
> > commands. If each one along the way starts with the underlying fs's flags,
> > adds ones it considers important, and only lets root delete flags, then we
> > should be fine.
> Um, that's how we got *in* this mess, at least with umapfs.  If you're going
> to let non-root users mount filesystems, you *can't* just "add the smarts
> into the mount commands".  The user can just build a mount command that
> doesn't have the "smarts" in it, and you lose.  The smarts *have* to go in
> the kernel.

I mis-spoke. I was thinking of the mount_XXX routines. I agree that this
needs to be in-kernel. :-)

Take care,