mount -u -r drops nosuid ?

Lowell Gilbert freebsd-security-local at be-well.ilk.org
Mon Nov 21 05:43:44 PST 2005


Andriy Gapon <avg at icyb.net.ua> writes:

> Not sure if this is a bug or a feature, but it seems like potential
> security risk: I have a ufs fs mounted rw+nosuid, then I needed to
> downgrade it to ro, so I executed mount -u -r on it - imagine my surprise
> when I found that nosuid flag was removed as well. I know I could have
> used mount -u -r -o nosuid, but the present behavior seems to be
> non-obvious (update one flag, orthogonal flags dropped as well) and
> dangerously so.
> 
> System is 5.4-RELEASE-p3 i386

The behaviour is explicitly documented.

I think it is safer (less room to shoot yourself in the foot) to have
the flags be exactly the ones you specified in the remount (no more,
no less) than to have to know exactly what the state was beforehand.
But clearly it's possible to surprise the operator either way.
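
Added example, not part of the original message: a shell sketch that builds the `mount -u -r -o ...` form mentioned above from a mount's current options, so that flags such as nosuid are restated explicitly on the remount, plus a check that reports flags lost between two option lists. It assumes input in fstab(5) field layout (device, mount point, type, options), such as FreeBSD's `mount -p` prints; the function names and the sample line are constructed for illustration, and the script only prints the command, it does not run mount.

```shell
# Build a read-only remount command that carries over every other mount
# option, from one fstab(5)-format line: device mountpoint fstype options ...

# Print a comma-separated option list with rw/ro removed.
carry_opts() {
    keep=
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case $opt in
            rw|ro|'') ;;                      # access mode is set by -r
            *) keep=${keep:+$keep,}$opt ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$keep"
}

# Print the remount command for one fstab-format line (hypothetical helper).
remount_ro_cmd() {
    set -f; set -- $1; set +f                 # split fields, no globbing
    [ $# -ge 4 ] || { echo "malformed line" >&2; return 1; }
    opts=$(carry_opts "$4")
    if [ -n "$opts" ]; then
        printf 'mount -u -r -o %s %s\n' "$opts" "$2"
    else
        printf 'mount -u -r %s\n' "$2"
    fi
}

# Print options present in the first list but missing from the second.
dropped_opts() {
    before=$(carry_opts "$1"); after=",$(carry_opts "$2"),"
    lost=
    old_ifs=$IFS; IFS=,
    for opt in $before; do
        case $after in
            *",$opt,"*) ;;
            *) lost=${lost:+$lost,}$opt ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$lost"
}

# Constructed sample line, not output captured from a real system.
sample='/dev/ad0s1e /data ufs rw,nosuid 2 2'
remount_ro_cmd "$sample"
dropped_opts 'rw,nosuid' 'ro'
```

Running `dropped_opts` on the option lists recorded before and after a remount gives a quick audit that nosuid, noexec and similar flags survived the change.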

