> On 4/6/07, H. Peter Anvin <hpa@xxxxxxxxx> wrote: > > Jan Engelhardt wrote: > > > On Apr 6 2007 16:16, H. Peter Anvin wrote: > > >>>> - users can use bind mounts without having to pre-configure them in > > >>>> /etc/fstab > > >>>> > > >> This is by far the biggest concern I see. I think the security implication of > > >> allowing anyone to do bind mounts are poorly understood. > > > > > > $ whoami > > > miklos > > > $ mount --bind / ~/down_under > > > > > > later that day: > > > # userdel -r miklos > > > > > > > Consider backups, for example. > > > > This is the reason why enforcing private namespaces for user mounts > makes sense. I think it catches many of these corner cases. Yes, disabling user bind mounts in the global namespace makes sense. Enabling user fuse mounts in the global namespace still works though, even if a little cludgy. All these nasty corner cases have been thought through and validated by a lot of users. Thanks, Miklos - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html