Quoting Miklos Szeredi (miklos@xxxxxxxxxx):
> On Wed, 27 Aug 2008, Serge E. Hallyn wrote:
> > Quoting Miklos Szeredi (miklos@xxxxxxxxxx):
> > > Serge, thanks for spotting this: it looks indeed a nasty hole! I also
> > > agree about the solution.
> >
> > Are you implementing it, or did you want me to?
>
> I'll implement it.

Ok, thanks. I look forward to playing around with it when you publish
the resulting git tree :)

> > > But yeah, we should think this over very carefully. Especially
> > > interaction with mount propagation, which has very complicated and
> > > sometimes rather counter-intuitive semantics.
> >
> > I know we discussed before about whether a propagated mount from a
> > non-user mount to a user mount should end up being owned by the user
> > or not. I don't recall (and am not checking the code at the moment
> > as your tree is sitting elsewhere) whether we mark the propagated
> > tree with the right nosuid and nodev flags, or whether we call it
> > a user mount or not.
>
> If the destination is a user mount, then
>
>  - the propagated mount(s) will be owned by the same user as the destination
>  - the propagated mount(s) will inherit 'nosuid' from the destination
>
> I remember also thinking about 'nodev' and why it doesn't need similar
> treatment to 'nosuid'. The reasoning was that 'nodev' is safe as long
> as permissions are enforced, namespace shuffling cannot make it
> insecure. Does that sound correct?

Yes that sounds correct, thanks for the refresher.

-serge