Matthias Schniedermeyer <ms@xxxxxxx> writes: > On 06.10.2013 23:55, Eric W. Biederman wrote: >> "Serge E. Hallyn" <serge@xxxxxxxxxx> writes: >> >> So if we can feel safe just depending on the parent directory >> permissions (which are not hidden by a mount) protecting our mount >> points, I feel much better about this patchset. > > As far as i can tell, the permissions of the host-directory of a > mount-point are hidden, at least for user-space. > (Ignoring (bind-)mounting the parent-mount somewhere else) > > As root: > $ mkdir /tmp/test > $ ls -ld /tmp/test > drwxr-xr-x 2 root root 40 Oct 8 12:33 /tmp/test > > $ mount tmpfs -t tmpfs /tmp/test > $ ls -ld /tmp/test > drwxrwxrwt 2 root root 40 Oct 8 12:33 /tmp/test > > $ chown nobody.users /tmp/test > $ ls -ld /tmp/test > drwxrwxrwt 2 nobody users 40 Oct 8 12:33 /tmp/test > > $ umount /tmp/test > $ ls -ld /tmp/test > drwxr-xr-x 2 root root 40 Oct 8 12:33 /tmp/test > > > So if the kernel would check the host-directory-permissions for allowing > umounting by rmdir it follows that a "plain user" doesn't have any > possibility to know beforehand if rmdir/umount would be possible. Except the directory that is relevant to unlink/rmdir in your example is /tmp not /tmp/test. But thanks for the eyeball. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
