mount user option

ibotty bsd at ibotty.net
Tue Sep 23 10:42:15 PDT 2003


> :> the attached patch has some drawbacks:
> :>  1) /sbin/mount needs to be suid root.
> :>  2) it byepasses vfs.usermount security checks.
> :>  3) a user currently cannot umount the filesystem ;-p
> :>
> :These drawbacks listed are considerable. I think there will be a better
> :approach in a few weeks as work on the VFS subsystem finishes up.
> :With that noted the three drawbacks listed are very severe.
>
>     We should
>     probably have an entirely new utility to handle user mounts and
>     unmounts, maybe call it 'usermount', so we can separate out the
>     security issues.

this was one thing i thought of as well (well, i wanted mount to be a
wrapper above real_mount (which is ordinary mount then)).
i just wanted to keep it simple, but KISS does not serve well here, i guess.

>     I would then restrict 'usermount' to root or whoever currently owns
>     the
>     system console.  As you know, the system console tends to be held by
>     the user id owning the X session so this would be a good way to
>     determine
>     who is actually sitting in front of the machine.  We definitely cannot
>     allow the program to be run by any user.

do we want to have most functionality inside the kernel?
if not, this usermount will have to be 4555. (i would be pleased, if proven
wrong though).

>     vfs.usermount is a terrible hack as it stands, but it can serve as
>     a framework for the console ownership check.

what i dislike about the vfs.usermount approach is, that it enforces, that
the user can write to the device. this is something, i want to restrict.
maybe one cannot do much harm, but it is still no good idea, i think.

i understand, that a floppy may need write access, but a read-only cdrom?

>     A user-mounted filesystem could be flagged such that it can be
>     similarly unmounted.

this is really a non-issue, because we have struct statfs->f_owner.
this is kind of the flag, you are talking about, right?
(well vfs.usermount mounted fs set this flag, so you may well mean something
different.)
i would just need a way to set it from usermode.

~ibotty





More information about the Submit mailing list