Date: Tue, 04 Apr 2006 02:51:33 -0400
From: Joe Marcus Clarke <marcus@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: hackers@FreeBSD.org
Subject: Re: RFC: Adding a ``user'' mount option
Message-ID: <1144133493.9725.36.camel@shumai.marcuscom.com>
In-Reply-To: <20060403232730.E76562@fledge.watson.org>
References: <1144042356.824.16.camel@shumai.marcuscom.com> <20060403104309.Y76562@fledge.watson.org> <44316CAB.2040706@FreeBSD.org> <20060403232730.E76562@fledge.watson.org>
On Mon, 2006-04-03 at 23:30 +0100, Robert Watson wrote:
> On Mon, 3 Apr 2006, Joe Marcus Clarke wrote:
>
> >> I would suggest that an extremely careful security audit of the userspace
> >> and kernel mount and unmount code is due -- especially things like the
> >> per-filesystem mount code (mount_nfs, etc). I'm not against the principle
> >> of this though.
> >
> > Agreed. I was hoping to make this solution secure, flexible, and easy to
> > use.
>
> Sure. And if you don't commit bug fixes to mount, we'll know you haven't
> tried looking very hard, because it seems very likely to me it has problems
> :-).
>
> >> Also, I'm not 100% sure we should make the getuid() check return a hard
> >> error in user space. Let's continue to let the kernel code make the access
> >> control decision here.
> >
> > I did the check in user space so that I could read the fstab file, and know
> > that the volume was allowed to be user-[un]mounted. I suppose, though, that
> > I could set the flags in user space, then pass that to the kernel for the
> > actual access control decision as you say.
>
> I'm not entirely clear on what ideal is, but one possibility is to allow the
> user mount bit to determine whether the mount system call is invoked with
> privilege.

Thanks for the feedback. I'll try and release an updated diff this weekend
that incorporates your suggestions, and I'll attempt the wildcard suggestion
made by silby.
Joe

> Robert N M Watson

-- 
Joe Marcus Clarke
FreeBSD GNOME Team :: gnome@FreeBSD.org
FreeNode / #freebsd-gnome
http://www.FreeBSD.org/gnome
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1144133493.9725.36.camel>