From: Lowell Gilbert
To: Andriy Gapon
Cc: freebsd-fs@freebsd.org, freebsd-security@freebsd.org
Date: 21 Nov 2005 08:43:42 -0500
Subject: Re: mount -u -r drops nosuid ?
Message-ID: <44sltqxgj5.fsf@be-well.ilk.org>
In-Reply-To: <4381BFE2.80106@icyb.net.ua>

Andriy Gapon writes:

> Not sure if this is a bug or a feature, but it seems like potential
> security risk: I have a ufs fs mounted rw+nosuid, then I needed to
> downgrade it to ro, so I executed mount -u -r on it - imagine my surprise
> when I found that nosuid flag was removed as well. I know I could have
> used mount -u -r -o nosuid, but the present behavior seems to be
> non-obvious (update one flag, orthogonal flags dropped as well) and
> dangerously so.
>
> System is 5.4-RELEASE-p3 i386

The behaviour is explicitly documented. I think it is safer (less
room to shoot yourself in the foot) to have the flags be exactly the
ones you specified in the remount (no more, no less) than to have to
know exactly what the state was beforehand. But clearly it's possible
to surprise the operator either way.
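
The remount behaviour discussed in this thread, as an added example that is not part of either message: a POSIX sh helper that reads the current options from `mount -p`-style (fstab format) lines, builds a read-only remount that restates the restrictive flags, and reports which flags a given remount would drop. The sample lines, the `KEEP` list and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes fstab-format input such as
# `mount -p` prints: device mountpoint fstype options dump pass.

# Restrictive options to carry across a remount (a chosen subset, assumption).
KEEP="nosuid noexec nosymfollow"

# current_opts MOUNTPOINT: print the options field for MOUNTPOINT from stdin.
current_opts() {
    awk -v mp="$1" '$2 == mp { print $4; found = 1; exit } END { exit !found }'
}

# ro_remount_opts OPTS: "rw,nosuid,noatime" -> "ro,nosuid" (only KEEP flags kept).
ro_remount_opts() {
    out="ro"
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case " $KEEP " in
            *" $opt "*) out="$out,$opt" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# dropped_flags BEFORE AFTER: print KEEP flags present in BEFORE but missing
# from AFTER (space separated). Empty output means nothing restrictive was lost.
dropped_flags() {
    lost=""
    old_ifs=$IFS; IFS=,
    for opt in $1; do
        case " $KEEP " in
            *" $opt "*)
                case ",$2," in
                    *",$opt,"*) ;;
                    *) lost="${lost:+$lost }$opt" ;;
                esac ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$lost"
}

# Constructed sample input, not real system data.
SAMPLE='/dev/ad0s1a / ufs rw 1 1
/dev/ad0s1e /data ufs rw,nosuid 2 2'

opts=$(printf '%s\n' "$SAMPLE" | current_opts /data)
echo "safe remount:  mount -u -o $(ro_remount_opts "$opts") /data"
echo "flags lost by a bare 'mount -u -r': $(dropped_flags "$opts" ro)"
```

On a live system, feed `mount -p` into `current_opts` instead of the sample, and run `dropped_flags` on the options before and after a remount to confirm nothing restrictive disappeared.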