NetBSD-Bugs archive


Re: kern/29360: vfs.generic.usermount and mount(8) general questions

The following reply was made to PR kern/29360; it has been noted by GNATS.

From: Elad Efrat <>
Subject: Re: kern/29360: vfs.generic.usermount and mount(8) general questions
Date: Sun, 6 Sep 2009 02:01:44 -0400

 I just came across this PR.

 The check that a non-root user owns the mount-point directory was
 introduced way before vfs.generic.usermount. In fact, it seems that it
 actually removed the root check, and allowed non-root users to freely
 mount file-systems:

 In other words, I don't see a direct relation between the two.

 I believe your (the submitter's) suggestion makes a lot of sense: if
 we only care about read access to the device file when mounting as a
 non-root user, why should we care about more than write access (i.e.,
 ownership) for the mount-point in the same scenario?

 What I suggest is that since we already have a check to ensure the
 user is allowed to mount a file-system, we should replace the
 following code in kern/vfs_syscalls.c:

     /*
      * If the user is not root, ensure that they own the directory
      * onto which we are attempting to mount.
      */
     if ((error = VOP_GETATTR(vp, &va, l->l_cred)) != 0 ||
         (va.va_uid != kauth_cred_geteuid(l->l_cred) &&
         (error = kauth_authorize_generic(l->l_cred,
         KAUTH_GENERIC_ISSUSER, NULL)) != 0)) {
             return error;
     }

 With something like the following:

     /* Ensure that the user can write to the mount-point. */
     if ((error = VOP_ACCESS(vp, VWRITE, l->l_cred)) != 0)
         return error;

 Does anyone see any drawbacks to this approach? If not, I'll change
 the relevant code.
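
Added example (not part of the original message and not NetBSD source): a userland C model of the two mount-point checks discussed above, the existing owner-or-root test and the proposed write-access test, evaluated over constructed directory entries. It assumes classic UNIX mode-bit evaluation for the write check, ignores ACLs and supplementary groups, and all struct and function names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Constructed description of a mount-point directory and of a caller. */
struct dir  { const char *name; uid_t uid; gid_t gid; mode_t mode; };
struct cred { uid_t euid; gid_t egid; };

/* Existing check: the caller must own the directory, or be root. */
static int owner_policy(const struct dir *d, const struct cred *c)
{
    return c->euid == 0 || d->uid == c->euid;
}

/* Proposed check: the caller needs write permission. Assumed semantics:
 * the first matching class (owner, group, other) decides; root bypasses. */
static int write_policy(const struct dir *d, const struct cred *c)
{
    if (c->euid == 0)
        return 1;
    if (d->uid == c->euid)
        return (d->mode & S_IWUSR) != 0;
    if (d->gid == c->egid)
        return (d->mode & S_IWGRP) != 0;
    return (d->mode & S_IWOTH) != 0;
}

/* Constructed sample directories; the caller is uid 1000, gid 100. */
static const struct dir samples[] = {
    { "0755, owned by caller",           1000, 100, 0755  },
    { "0555, owned by caller",           1000, 100, 0555  },
    { "0775, root, group 100",           0,    100, 0775  },
    { "1777 sticky, root (tmp-style)",   0,    0,   01777 },
    { "0755, root",                      0,    0,   0755  },
};

int main(void)
{
    const struct cred user = { 1000, 100 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s owner=%d write=%d\n", samples[i].name,
            owner_policy(&samples[i], &user),
            write_policy(&samples[i], &user));
    return 0;
}
```

The two checks disagree in both directions: an owned but read-only directory passes only the owner test, while group-writable and world-writable directories owned by someone else pass only the write test.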
