From: urlichs@smurf.sub.org (Matthias Urlichs)
Subject: Re: A warning
Date: 15 Feb 1993 01:13:25 +0100

In comp.os.linux, article <1993Feb14.194001.8167@kf8nh.wariat.org>,
kf8nh@kf8nh.wariat.org writes:
> In article <1ljlsh$t7t@smurf.sub.org> urlichs@smurf.sub.org (Matthias Urlichs) writes:
> >NB: Are there any problems with non-root mounts, other than requiring
> >writability of the directory and turning off setuid()/setgid() to all
> >uids (except the one of the current user of course -- come to think of it,
> >the NOSUID flag doesn't seem to be implemented yet -- has anybody done it
> >already, or should I just do it?)
>
> You also need to disregard device nodes for non-root mounts.
Oops -- thanks, I forgot about that one. So, for non-root mounts, force
noexec and nosuid flags to TRUE. Anything else?
> Doesn't some BSD variant have a "nodevs" option to mount?
>
I think so... *grapple* Hey, _Linux_ has that flag! And it works! ;-)
> You also need to make sure the filesystem type to be mounted supports the
> options. If it silently accepts them then you aren't safe.
>
Hmm, the device open code is identical for most if not all file systems
(I sent a patch to Linus which collects the code into one file yesterday),
so this shouldn't be a problem.
Somebody forgetting to NFS-mount a remote file without NODEV set, from
an insecure machine, is a bigger security risk.
Anyway, the patch seems to be somewhat simple. Should be in the next
version, assuming that Linus likes it.
--
You are sick, twisted and perverted. I like that in a person.
--
Matthias Urlichs -- urlichs@smurf.sub.org -- urlichs@smurf.ira.uka.de   /(o\
Humboldtstrasse 7 -- 7500 Karlsruhe 1 -- Germany -- +49-721-9612521     \o)/
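
[Added example, not part of the original post or of any kernel patch it mentions: a small audit of fstab-style entries against the policy discussed above (non-root mounts need nosuid, nodev and noexec; NFS mounts need nodev). The sample entries are constructed, the function names are hypothetical, and the option handling assumes present-day mount(8) semantics, where user/users imply nosuid, nodev and noexec, owner/group imply nosuid and nodev, and later options override earlier ones.]

```python
# Constructed /etc/fstab-style sample lines (not from the original post).
SAMPLE_FSTAB = """\
/dev/fd0           /mnt/floppy  msdos    noauto,user             0 0
/dev/cdrom         /mnt/cdrom   iso9660  noauto,user,exec,suid   0 0
fileserver:/export /mnt/remote  nfs      rw                      0 0
fileserver:/home   /home        nfs      rw,nosuid,nodev         0 0
/dev/hda1          /            ext2     defaults                0 1
"""

ALL3 = {"nosuid", "nodev", "noexec"}
# Options that permit non-root mounts, with the restrictions mount(8) implies.
IMPLIED = {"user": ALL3, "users": ALL3,
           "owner": {"nosuid", "nodev"}, "group": {"nosuid", "nodev"}}
USER_MOUNT_POLICY = ALL3      # policy taken from the thread
NFS_POLICY = {"nodev"}        # policy taken from the thread

def effective_restrictions(options):
    """Apply options left to right and return the restrictions still in force."""
    active = set()
    for opt in options:
        if opt in IMPLIED:
            active |= IMPLIED[opt]
        elif opt in ALL3:
            active.add(opt)
        elif opt in ("suid", "dev", "exec"):
            active.discard("no" + opt)   # an explicit override re-enables the feature
    return active

def audit_fstab(text):
    """Return [(mountpoint, [missing restrictions])] for entries that violate policy."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 4:
            continue                     # blank line, comment or malformed entry
        mountpoint, fstype, options = fields[1], fields[2], fields[3].split(",")
        if any(o in IMPLIED for o in options):
            needed = USER_MOUNT_POLICY
        elif fstype.startswith("nfs"):
            needed = NFS_POLICY
        else:
            continue                     # root-only local mount: out of scope here
        missing = sorted(needed - effective_restrictions(options))
        if missing:
            findings.append((mountpoint, missing))
    return findings

if __name__ == "__main__":
    for mountpoint, missing in audit_fstab(SAMPLE_FSTAB):
        print(f"{mountpoint}: missing {','.join(missing)}")
```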