On Sat, 2006-06-17 at 01:29 +0200, Grzegorz Kulewski wrote: > Isn't this some kind of security risk (at least in my planned use)? I mean > - for a small fraction of second somebody seeing /dest can write > /source... No? I assume you're talking about this kind of situation: mount --bind /local/writable/dir /chroot/untrusted/area/ mount --o remount,ro /chroot/untrusted/area/ Where there is a window where someone in the chroot can write into the local directory. Yes. There would be a race there. However, you can also do the following, which will have no window. It has a few more steps, but it is a much simpler thing to deal with in the kernel. Believe me, it starts to get ugly when you try to handle permission and flag changes at mount time. Keeping --bind'ing as *just* a simple "copy the source mount" operation makes the implementation very much simpler. This has no r/w window in the chroot area: mount --bind /local/writable/dir /tmp/area/ mount --o remount,ro /tmp/area/ mount --bind /tmp/area/ /chroot/untrusted/area/ umount /tmp/area/ -- Dave - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
