Re: [patch 0/8] mount ownership and unprivileged mount syscall (v4)

From: Karel Zak
Date: Tue Apr 24 2007 - 20:05:40 EST

Next message: lkml777: "Re: Question about Reiser4"
Previous message: Dave Jones: "Re: [RFC] [PATCH] cpufreq: allow full selection of default governors"
Next in thread: Eric W. Biederman: "Re: [patch 0/8] mount ownership and unprivileged mount syscall (v4)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 20, 2007 at 12:25:32PM +0200, Miklos Szeredi wrote:
> The following extra security measures are taken for unprivileged
> mounts:
>
> - usermounts are limited by a sysctl tunable
> - force "nosuid,nodev" mount options on the created mount

The original userspace "user=" solution also implies the "noexec"
option by default (you can override the default by "exec" option).

It means the kernel based solution is not fully compatible ;-(

Karel

--
Karel Zak <kzak@xxxxxxxxxx>

Red Hat Czech s.r.o.
Purkynova 99/71, 612 45 Brno, Czech Republic
Reg.id: CZ27690016
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: lkml777: "Re: Question about Reiser4"
Previous message: Dave Jones: "Re: [RFC] [PATCH] cpufreq: allow full selection of default governors"
Next in thread: Eric W. Biederman: "Re: [patch 0/8] mount ownership and unprivileged mount syscall (v4)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]