On Tue, Mar 11, 2025 at 05:36:00PM +0000, Al Viro wrote:
> On Tue, Mar 11, 2025 at 12:01:48PM +0100, Christian Brauner wrote:
>
> > The case where arbitrary devices stuck into a laptop (e.g., USB sticks)
> > are mounted isn't solved by making a filesystem mountable unprivileged.
> > The mounted device cannot show up in the global mount namespace
> > somewhere since the user doesn't own the initial mount+user namespace.
> > So it's pointless. In other words, there's filesystem level checks and
> > mount namespace based checks. Circumventing that restriction means that
> > any user can just mount the device at any location in the global mount
> > namespace and therefore simply overmount other stuff.
>
> Note that "untrusted contents" is not the worst thing you can run into -
> it can be content changing behind your back. I seriously doubt that
> anyone fuzzes for that kind of crap (and no, it's not an invitation to
> start). I seriously doubt that there's any local filesystem that would
> be resilient to that...

Given network block devices (more common with cloud stuff these days),
it's not a totally unreasonable thing to want to be secure against.

I'd love to see someone attack bcachefs that way - in a few more years :)