From: Joe Marcus Clarke <marcus@FreeBSD.org>
Date: Mon, 03 Apr 2006 14:42:51 -0400
To: Robert Watson
Cc: hackers@FreeBSD.org
Subject: Re: RFC: Adding a ``user'' mount option
Message-ID: <44316CAB.2040706@FreeBSD.org>
In-Reply-To: <20060403104309.Y76562@fledge.watson.org>

Robert Watson wrote:
> On Mon, 3 Apr 2006, Joe Marcus Clarke wrote:
>
>> I know we have vfs.usermount, but this is not always sufficient since
>> the user has to own the mount point in question. What I propose is to
>> add a ``user'' mount option à la Linux. This would make mount and
>> umount setuid root, but would allow much more flexibility when it
>> comes to removable media and desktop systems.
>
> I would suggest that an extremely careful security audit of the
> userspace and kernel mount and unmount code is due -- especially things
> like the per-filesystem mount code (mount_nfs, etc). I'm not against
> the principle of this though.

Agreed. I was hoping to make this solution secure, flexible, and easy to use.

> Also, I'm not 100% sure we should make the getuid() check return a hard
> error in user space. Let's continue to let the kernel code make the
> access control decision here.

I did the check in user space so that I could read the fstab file, and
know that the volume was allowed to be user-[un]mounted. I suppose,
though, that I could set the flags in user space, then pass that to the
kernel for the actual access control decision as you say.

Joe

> Robert N M Watson
>
>> I'm not a src committer, so this isn't a threat to commit. I'm more
>> interested in getting feedback, and hopefully some src committer
>> interest. I think this would really benefit desktop FreeBSD.
>>
>> http://www.marcuscom.com/downloads/usermount.diff
>>
>> Joe
>>
>> --
>> Joe Marcus Clarke
>> FreeBSD GNOME Team :: gnome@FreeBSD.org
>> FreeNode / #freebsd-gnome
>> http://www.FreeBSD.org/gnome

--
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome@FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
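The fstab lookup Joe describes, as an added example that is not part of the usermount.diff patch or of this thread: a C routine that finds a mount point in fstab text and reports whether its options field carries ``user'' as an exact token (so ``users'' and ``nouser'' do not match). The fstab lines are constructed, the field layout and option name are assumed to follow the proposal, and the result only selects the request in user space; the kernel still makes the access control decision, as Robert asks.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed fstab sample (not from the patch). The fourth field holds
 * the options; "user" is assumed to be a plain keyword there. */
static const char sample_fstab[] =
    "# Device        Mountpoint  FStype  Options          Dump Pass\n"
    "/dev/ad0s1a     /           ufs     rw               1    1\n"
    "/dev/acd0       /cdrom      cd9660  ro,noauto,user   0    0\n"
    "/dev/da0s1      /mnt/usb    msdosfs rw,noauto,users  0    0\n"
    "/dev/da1s1      /mnt/usb2   msdosfs rw,noauto,nouser 0    0\n";

/* Return 1 if the comma-separated options contain exactly the token
 * "user"; a substring match would wrongly accept "users" or "nouser". */
static int opts_have_user(const char *opts)
{
    const char *p = opts;
    while (*p) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 4 && strncmp(p, "user", 4) == 0)
            return 1;
        if (!end)
            break;
        p = end + 1;
    }
    return 0;
}

/* Look up mntpoint in fstab text. Returns 1 if its entry carries "user",
 * 0 if it is listed without it, -1 if the mount point is not listed. */
int fstab_allows_user_mount(const char *fstab, const char *mntpoint)
{
    char line[256], dev[64], mp[128], type[32], opts[128];
    const char *p = fstab;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line)          /* truncate over-long lines */
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + strlen(p);
        char *s = line;
        while (isspace((unsigned char)*s))
            s++;
        if (*s == '\0' || *s == '#')     /* blank line or comment */
            continue;
        if (sscanf(s, "%63s %127s %31s %127s", dev, mp, type, opts) != 4)
            continue;                    /* malformed entry: skip it */
        if (strcmp(mp, mntpoint) == 0)
            return opts_have_user(opts);
    }
    return -1;
}
```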