On Fri, Nov 6, 2009 at 2:46 PM, Karel Zak <kzak@xxxxxxxxxx> wrote:
> On Fri, Nov 06, 2009 at 02:04:39PM +0000, Terry Burton wrote:
>> On Fri, Nov 6, 2009 at 1:27 PM, Karel Zak <kzak@xxxxxxxxxx> wrote:
>> > On Fri, Nov 06, 2009 at 12:34:45PM +0000, Terry Burton wrote:
>> That sounds like "cover your ass" security to me, rather than anything
>> actually corrective or at least preventative. Adding a note to the
>> documentation would do little in the way of preventing users from
>> exposure to this vulnerability. If the tool is not going to do what
>> the command line arguments imply, surely it would be better to surface
>
> the tool does nothing, it's the kernel that is interpreting the mount()
> syscall, and the kernel does not return any error if you ask for a read-only
> bind mount (see strace output).

I now understand the reluctance to add more functionality to the
userland code.

<...snip...>

>> 3. Leave mount broken and refuse a combination of -o ro and --bind
>> arguments - "ERROR: Invalid argument for a --bind mount, -ro"
>
> the best solution seems to be to try to detect MS_BIND + MS_RDONLY and then
> try to open() read-write any file in the target directory, and update
> mtab according to the result from this test. And print a warning
> if the target directory is still read-write.

I will give this some thought...

Many thanks for your insight.

Terry
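
The check discussed in this thread (detect MS_BIND + MS_RDONLY, then test whether the target is still writable), as an added example that is not code from util-linux or from either poster. It swaps the suggested open() probe for statvfs() and the ST_RDONLY flag, which assumes the kernel reports per-mount flags through statfs; the names `classify_ro_bind`, `check_ro_bind` and `ro_verdict` are hypothetical.

```c
#include <stdio.h>
#include <sys/mount.h>    /* MS_BIND, MS_RDONLY */
#include <sys/statvfs.h>  /* statvfs(), ST_RDONLY */

enum ro_verdict { RO_NOT_REQUESTED, RO_ENFORCED, RO_STILL_WRITABLE, RO_UNKNOWN };

/* Pure decision: compare the flags passed to mount() with what the kernel
 * reports for the target. f_flag is statvfs.f_flag; have_stat is 0 when
 * statvfs() failed and nothing can be concluded. */
enum ro_verdict classify_ro_bind(unsigned long mount_flags,
                                 unsigned long f_flag, int have_stat)
{
    const unsigned long want = MS_BIND | MS_RDONLY;

    if ((mount_flags & want) != want)
        return RO_NOT_REQUESTED;      /* not a read-only bind request */
    if (!have_stat)
        return RO_UNKNOWN;            /* never report success on a failed probe */
    return (f_flag & ST_RDONLY) ? RO_ENFORCED : RO_STILL_WRITABLE;
}

/* Probe the mounted target without writing to it. */
enum ro_verdict check_ro_bind(unsigned long mount_flags, const char *target)
{
    struct statvfs sv;
    int ok = (statvfs(target, &sv) == 0);

    return classify_ro_bind(mount_flags, ok ? sv.f_flag : 0, ok);
}

int main(int argc, char **argv)
{
    /* Assumption: argv[1] is a directory that was just bind-mounted with -o ro. */
    const char *target = argc > 1 ? argv[1] : "/";

    switch (check_ro_bind(MS_BIND | MS_RDONLY, target)) {
    case RO_ENFORCED:
        printf("%s: read-only as requested\n", target);
        return 0;
    case RO_STILL_WRITABLE:
        fprintf(stderr, "warning: %s is still read-write\n", target);
        return 1;
    default:
        fprintf(stderr, "warning: cannot determine state of %s\n", target);
        return 2;
    }
}
```

The non-zero exit codes let a wrapper script treat a bind mount that is still writable, or whose state could not be determined, as a failure instead of trusting the mount() return value.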