Date: 21 Nov 2005 08:43:42 -0500 From: Lowell Gilbert <freebsd-security-local@be-well.ilk.org> To: Andriy Gapon <avg@icyb.net.ua> Cc: freebsd-fs@freebsd.org, freebsd-security@freebsd.org Subject: Re: mount -u -r drops nosuid ? Message-ID: <44sltqxgj5.fsf@be-well.ilk.org> In-Reply-To: <4381BFE2.80106@icyb.net.ua> References: <4381BFE2.80106@icyb.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Andriy Gapon <avg@icyb.net.ua> writes: > Not sure if this is a bug or a feature, but it seems like potential > security risk: I have a ufs fs mounted rw+nosuid, then I needed to > downgrade it to ro, so I executed mount -u -r on it - imagine my surpise > when I found that nosuid flag was removed as well. I know I could have > used mount -u -r -o nosuid, but the present behavior seems to be > non-obvious (update one flag, orthogonal flags dropped as well) and > dangerously so. > > System is 5.4-RELEASE-p3 i386 The behaviour is explicitly documented. I think it is safer (less room to shoot yourself in the foot) to have the flags be exactly the ones you specified in the remount (no more, no less) than to have to know exactly what the state was beforehand. But clearly it's possible to surprise the operator either way.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44sltqxgj5.fsf>