vfs.usermount allows users to do arbitrary unmounts
Yuri Pankov
yuripv at yuripv.net
Sun Oct 7 19:08:18 UTC 2018
Yuri Pankov wrote:
> Hi,
>
> Going through https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=232021,
> I noticed that unmount(2) will not fail with EPERM as expected on mounts
> that don't belong to the user, and which were not mounted by that user,
> e.g.:
>
> # zfs create data/test
> # ls -ld /data/test
> drwxr-xr-x 2 root wheel 2 Oct 7 21:55 /data/test
> $ umount /data/test; echo $?
> 0
>
> Even if vfs.usermount isn't great from a security perspective, is this
> expected?
Never mind me, looks like I got it all confused with using `zfs allow`.