RFC: Adding a ``user'' mount option
Joe Marcus Clarke
marcus at FreeBSD.org
Tue Apr 4 06:51:35 UTC 2006
On Mon, 2006-04-03 at 23:30 +0100, Robert Watson wrote:
> On Mon, 3 Apr 2006, Joe Marcus Clarke wrote:
>
> >> I would suggest that an extremely careful security audit of the userspace
> >> and kernel mount and unmount code is due -- especially things like the
> >> per-filesystem mount code (mount_nfs, etc). I'm not against the principle
> >> of this though.
> >
> > Agreed. I was hoping to make this solution secure, flexible, and easy to
> > use.
>
> Sure. And if you don't commit bug fixes to mount, we'll know you haven't
> tried looking very hard, because it seems very likely to me it has problems
> :-).
>
> >> Also, I'm not 100% sure we should make the getuid() check return a hard
> >> error in user space. Let's continue to let the kernel code make the access
> >> control decision here.
> >
> > I did the check in user space so that I could read the fstab file, and know
> > that the volume was allowed to be user-[un]mounted. I suppose, though, that
> > I could set the flags in user space, then pass that to the kernel for the
> > actual access control decision as you say.
>
> I'm not entirely clear on what ideal is, but one possibility is to allow the
> user mount bit to determine whether the mount system call is invoked with
> privilege.

Thanks for the feedback. I'll try and release an updated diff this
weekend that incorporates your suggestions, and I'll attempt the
wildcard suggestion made by silby.

Joe

>
> Robert N M Watson
>
--
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome at FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome