Re: [security] mount: Read-only bind mount silent failure then misreporting

On Wed, Nov 18, 2009 at 2:01 PM, Karel Zak <kzak@xxxxxxxxxx> wrote:
> On Fri, Nov 06, 2009 at 03:46:20PM +0100, Karel Zak wrote:
>> On Fri, Nov 06, 2009 at 02:04:39PM +0000, Terry Burton wrote:
>> > 3. Leave mount broken and refuse a combination of -o ro and --bind
>> > arguments - "ERROR: Invalid argument for a --bind mount, -ro"
>>
>>  the best solution seem to try to detect MS_BIND + MS_RDONLY and then
>>  try to open() read-write any file in the target directory, and update
>>  mtab according to the result from this test. And print any warning
>>  if the target directory is still read-write.
>
> I forgot note that
>
>   # mount --bind /foo /bar
>   # mount -o remount,ro /bar
>
> works as expected (/foo is rw and /bar is ro).

Karel,

cc: Kusanagi Kouichi

Thanks for the advice. This is precisely the approach I have been
using since read-only bind mounts first became available.

My reason for raising this issue at this time is that I was asked to
investigate an instance where a knowledgeable sysadmin's security
assumptions were entirely invalidated because of the silent failure then
misreporting of the command sequence mount --bind -o ro ...; mount ...
which (along with other omissions) ultimately led to their web content
being defaced.

I might agree that it seems wrong for the kernel to silently disregard
the MS_RDONLY option, but nevertheless somebody ought to own this
issue and work to close or highlight this security flaw and when this
issue has been

I've not yet had the chance to give any attention to solving the issue
in the way that you suggest, however I imagine that there may be
complications for filesystems that have naming restrictions?

Having said that, it does appear as though this issue may have just
gained some traction in the kernel [1].

Kusanagi: Was there any further offlist reception for your recent
patch? It seems very sensible and would ultimately resolve the issue
discussed here [2].


[1] http://patchwork.kernel.org/patch/56569/
[2] http://thread.gmane.org/gmane.linux.utilities.util-linux-ng/2771


All the best,

Terry
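The check Karel describes above (try to open a file for writing in the target and trust that result over what mtab claims) as an added example, not code from the thread or from util-linux. It assumes a mount table in /proc/mounts or mtab format (device, mount point, type, options, ...) and a target directory you can probe as root; the function and variable names are the example's own.

```sh
#!/bin/sh
# Added example (not from the thread or from util-linux): verify that a
# supposedly read-only bind mount really refuses writes instead of trusting
# the "ro" that mtab may have recorded after "mount --bind -o ro".

# Write probe, as suggested in the thread: try to create a file in DIR.
# Returns 0 if the write succeeds (directory is writable), 1 otherwise.
# Run as root so that a permission error is not mistaken for EROFS.
probe_writable() {
    dir=$1
    probe="$dir/.ro-probe.$$"
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    return 1
}

# Does TBL (a /proc/mounts- or mtab-format file) list mount point MP with
# "ro" among its options?  Field 2 is the mount point, field 4 the options.
# (Mount points containing spaces appear as \040 in /proc/mounts.)
table_says_ro() {
    tbl=$1 mp=$2
    awk -v t="$mp" '$2 == t { print $4 }' "$tbl" \
        | tr ',' '\n' | grep -qx 'ro'
}

# Compare the claim in the table with reality and print a one-word verdict:
#   OK            table says ro and a write is refused
#   MISREPORTED   table says ro but a write succeeded (the failure in the thread)
#   RW            table does not claim ro, so there is nothing to verify
# Usage: audit_ro_mount TARGET [TABLE]   (TABLE defaults to /etc/mtab)
audit_ro_mount() {
    target=$1 table=${2:-/etc/mtab}
    if table_says_ro "$table" "$target"; then
        if probe_writable "$target"; then
            echo MISREPORTED
        else
            echo OK
        fi
    else
        echo RW
    fi
}
```

After the two-step sequence from the thread (`mount --bind /foo /bar; mount -o remount,ro /bar`), `audit_ro_mount /bar /proc/mounts` should print OK; a MISREPORTED verdict against /etc/mtab is exactly the mismatch between the recorded flags and the kernel's actual behaviour that the message above describes. Probing /proc/mounts rather than mtab is also worthwhile on its own, since it reflects the kernel's view.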
