Subject: Re: kern/7129: normal user can bypass mount 'noexec' flags
To: Thor Lancelot Simon <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 03/11/1999 16:17:55

On Thu, 11 Mar 1999, Thor Lancelot Simon wrote:
> > I think it would be simpler to just add the smarts into the mount
> > commands. If each one along the way starts with the underlying fs's flags,
> > adds ones it considers important, and only lets root delete flags, then we
> > should be fine.
> Um, that's how we got *in* this mess, at least with umapfs. If you're going
> to let non-root users mount filesystems, you *can't* just "add the smarts
> into the mount commands". The user can just build a mount command that
> doesn't have the "smarts" in it, and you lose. The smarts *have* to go in
> the kernel.

I misspoke. I was thinking of the mount_XXX routines. I agree that this
needs to be in-kernel. :-)
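
The flag policy discussed in this thread (start from the underlying fs's flags, add restrictions, let only root delete them), written as a check that runs on the kernel side of the mount request. This is an added example, not part of the original message and not NetBSD code; the function name and the EX_* flag values are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flag bits for this sketch; not NetBSD's real MNT_* values. */
#define EX_RDONLY 0x01u
#define EX_NOEXEC 0x02u
#define EX_NOSUID 0x04u
#define EX_NODEV  0x08u
#define EX_RESTRICTIVE (EX_RDONLY | EX_NOEXEC | EX_NOSUID | EX_NODEV)

/*
 * Flag policy for a layer mounted over a lower file system.
 *   lower   - flags in force on the underlying mount
 *   add     - flags the mount request wants set
 *   clear   - flags the mount request wants dropped
 *   is_root - whether the caller holds superuser privilege
 * On success stores the resulting flags in *out and returns 0.
 * Returns EPERM, leaving *out untouched, when a non-root caller asks to
 * drop a restriction inherited from the lower mount.
 */
int
layer_mount_flags(uint32_t lower, uint32_t add, uint32_t clear,
    bool is_root, uint32_t *out)
{
	uint32_t inherited = lower & EX_RESTRICTIVE;

	/* The request is built in userland, so nothing in it is trusted. */
	if (!is_root && (clear & inherited) != 0)
		return EPERM;

	/* Start from the lower layer's restrictions, then add new ones. */
	uint32_t eff = inherited | (add & EX_RESTRICTIVE);

	/* Only root may delete flags; a non-root 'clear' is ignored here. */
	if (is_root)
		eff &= ~(clear & EX_RESTRICTIVE);

	*out = eff;
	return 0;
}

int
main(void)
{
	uint32_t f = 0;
	int rc = layer_mount_flags(EX_NOEXEC, 0, EX_NOEXEC, false, &f);
	printf("non-root drop noexec: rc=%d (EPERM=%d)\n", rc, EPERM);
	return 0;
}
```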