On Sat 16 Aug 2014 21:57:56 Steven Stewart-Gallus wrote:
> The utilities such as mount don't take into account capabilities and always
> fail for non root users which is wrong.
>
> This is really, really, really annoying when working in a sandboxed non root
> shell with pseudo capabilities.
>
> One possible solution to my problem is do some complicated checking for
> capabilities that I don't even know how would work. I believe a better and
> simpler approach that would work for possible future extensions as well
> would be to simply drop privileges whenever one is unprivileged and attempt
> to do the task as normally. If you felt like it, a warning along the lines
> of "warning: user is unprivileged, attempting mount without privileges"
> could be made. As a bonus, failed system calls can sometimes leave
> important diagnostic information in the dmesg.

guessing the sandbox isn't really meant for security purposes since CAP_SYS_ADMIN can easily be used to recover just about every other capability.
http://lwn.net/Articles/486306/

especially considering access to mount means you're allowed to mount arbitrary filesystems w/arbitrary content including set*id progs. so what exactly is the point of trying to support CAP_SYS_ADMIN ?

note: i'm not arguing about whether the current UID checks in `mount` are even useful ... it'd make the code simpler to just assume the privs exist, else it'll get errors from the respective syscalls and the user of a misconfigured system can deal with it themselves.
-mike
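An added example in C, not code from this thread or from the busybox project, showing the two privilege checks the thread contrasts: a `getuid() == 0` test versus a look at the effective capability set in `/proc/self/status`, followed by the "just try it" approach of attempting the mount and reporting whatever errno the kernel returns. The bit number 21 for CAP_SYS_ADMIN comes from `<linux/capability.h>`; the `CapEff:<tab><hex>` line format is the standard one in the status file. The `main` uses a throwaway tmpfs mount on a `mkdtemp` directory and unmounts it again if it succeeded.

```c
/* Added example: capability-aware privilege check vs. the plain UID check.
 * Not code from the mailing-list thread or from busybox. Linux only. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mount.h>

#define CAP_SYS_ADMIN_BIT 21   /* CAP_SYS_ADMIN as defined in <linux/capability.h> */

/* Extract the 64-bit effective capability mask from the text of a
 * /proc/<pid>/status file. Returns 0 on success, -1 if no CapEff line. */
int parse_cap_eff(const char *status_text, uint64_t *mask_out)
{
    const char *p = strstr(status_text, "CapEff:");
    if (p == NULL)
        return -1;
    p += strlen("CapEff:");
    while (*p == ' ' || *p == '\t')
        p++;
    char *end = NULL;
    errno = 0;
    unsigned long long v = strtoull(p, &end, 16);
    if (errno != 0 || end == p)
        return -1;
    *mask_out = (uint64_t)v;
    return 0;
}

/* 1 if capability number `cap` is set in `mask`, else 0. */
int mask_has_cap(uint64_t mask, int cap)
{
    if (cap < 0 || cap > 63)
        return 0;
    return ((mask >> cap) & 1ULL) ? 1 : 0;
}

/* Effective capability mask of the calling process; -1 if /proc is unavailable. */
int current_cap_eff(uint64_t *mask_out)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    char buf[4096];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_cap_eff(buf, mask_out);
}

int main(void)
{
    /* The two checks side by side: uid 0 is neither necessary nor sufficient
     * for CAP_SYS_ADMIN once capabilities (or a user namespace) are in play. */
    uint64_t eff = 0;
    if (current_cap_eff(&eff) == 0)
        printf("uid=%u  CAP_SYS_ADMIN in CapEff: %s\n", (unsigned)getuid(),
               mask_has_cap(eff, CAP_SYS_ADMIN_BIT) ? "yes" : "no");
    else
        printf("uid=%u  (could not read /proc/self/status)\n", (unsigned)getuid());

    /* The "assume the privs exist" approach from the thread: no uid check,
     * call mount(2) and let the kernel's errno be the diagnostic. */
    char tmpl[] = "/tmp/mount-demo-XXXXXX";   /* constructed throwaway path */
    char *dir = mkdtemp(tmpl);
    if (dir == NULL) {
        perror("mkdtemp");
        return 1;
    }
    if (mount("none", dir, "tmpfs", 0, NULL) == 0) {
        printf("mount succeeded; unmounting\n");
        umount(dir);
    } else {
        printf("mount failed: %s (errno %d)\n", strerror(errno), errno);
    }
    rmdir(dir);
    return 0;
}
```

Run as an ordinary user, the uid line says "no" and the mount reports EPERM; in a user namespace or a capability-granting sandbox the CapEff line can say "yes" while uid is non-zero, which is exactly the case a bare `getuid()` test gets wrong.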