Analysis of mounts/unmounts issues.

Pawel Jakub Dawidek nick at
Mon Jan 26 14:59:44 PST 2004


This is a short analysis of mount(2)/unmount(2) problems related to
usermounts, unprivileged root and jails.

I've found many issues related to this topic; here is a list of those issues:

1. Root from inside of jail is able to unmount _any_ file system
   (except /), even from outside of jail.
2. Even if security.bsd.suser is set to 0, root is able to unmount
   file systems mounted by privileged root (except /).
3. If usermount is set to 1, user from inside of jail is able to
   mount file system (if support for required file system is
   compiled in kernel or loaded as a kld module), but with
   MNT_NOSUID and MNT_NODEV flags set.
   Insufficient check is in two places: for normal mounts and
   for mounts with MNT_UPDATE flag set.
4. Let's assume that usermount is set to 1 and user mounts file system,
   now we're setting usermount to 0 and user is still able to
   unmount file system mounted by him previously.

My fix denies any mounts/unmounts inside of jail and denies mounts/unmounts
for unprivileged root, because there is no chance to check if
security.bsd.suser was 0 or 1 while file system was mounted.
Patch is here:

Things to discuss.

Should we permit mounts/unmounts inside of jail if usermount is set to 1?
Maybe there should be 'jailmount' variable to control this?

Should we store in mount structure value of security.bsd.suser while
file system is mounted to permit unmount and mount with MNT_UPDATE flag set
operations for unprivileged root? This will give us a complete solution.

Pawel Jakub Dawidek                       pawel at
UNIX Systems Programmer/Administrator
Am I Evil? Yes, I Am!           
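
The policy described in this message, as an added example that is not part of the original post or of the patch it mentions: a user-space C model of the proposed checks together with the security.bsd.suser snapshot raised under "Things to discuss". All struct and function names are hypothetical, and re-checking usermount at unmount time (issue 4) is an assumption about how that issue could be closed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical user-space model: these names are not FreeBSD kernel identifiers. */
struct policy { bool suser; bool usermount; };  /* security.bsd.suser, usermount */
struct cred   { unsigned uid; bool jailed; };
struct mnt    { unsigned owner_uid; bool suser_at_mount; };

/* Privileged root: uid 0, security.bsd.suser enabled, not inside a jail. */
static bool privileged(const struct policy *p, const struct cred *c)
{
    return c->uid == 0 && p->suser && !c->jailed;
}

/* New mount. On success, records the owner and the suser snapshot in *m. */
bool do_mount(const struct policy *p, const struct cred *c, struct mnt *m)
{
    if (c->jailed)                          /* issue 3: no mounts inside a jail */
        return false;
    if (!privileged(p, c) && !p->usermount)
        return false;
    m->owner_uid = c->uid;
    m->suser_at_mount = p->suser;           /* snapshot from "Things to discuss" */
    return true;
}

/* unmount(2), or mount(2) with MNT_UPDATE, on an existing mount. */
bool may_change(const struct policy *p, const struct cred *c, const struct mnt *m)
{
    if (c->jailed)                          /* issue 1 */
        return false;
    if (privileged(p, c))
        return true;
    if (!p->usermount)                      /* issue 4 (assumed: re-check at unmount) */
        return false;
    if (m->owner_uid != c->uid)
        return false;
    /* issue 2: unprivileged root may only touch mounts made while suser was 0 */
    return c->uid != 0 || !m->suser_at_mount;
}

int main(void)
{
    struct policy p = { .suser = true, .usermount = true };
    struct cred root = { 0, false }, jroot = { 0, true };
    struct mnt m;
    do_mount(&p, &root, &m);                /* mounted by privileged root */
    printf("jailed root unmount: %d\n", may_change(&p, &jroot, &m));
    p.suser = false;
    printf("unprivileged root unmount: %d\n", may_change(&p, &root, &m));
    return 0;
}
```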