On Thu, 1 Jun 2000, Alexander Viro wrote:
> > Can anyone elaborate on what precisely we allow and why? Despite being
> > named "do_loopback", it looks like a simple aliasing mechanism.
>
> Yes, it is, and yes, it happened to be simple after some work ;-)
>
> > At the very least, mount_is_safe() would seem to be missing a check for
> > write permission on the parent directory of the mount-point.
>
> Hmm... What's the problem with situation when you have write permissions
> on mountpoint but not on its parent? MAY_WRITE on mountpoint is checked,
> unless I've really fscked up. Comments on security implications are more
> than welcome - the variant I've done was, basically, "can we reach the
> thing to be mounted anyway and can we already do whatever we want with the
> contents of the mountpoint?"
Hi Al
Thanks for replying. Thinking about it, it's logical to demand write
access in parent directory (P).
We are essentially replacing a dentry in P with a totally different
one. This is semantically equivalent to
mv(old_dentry, backup_dentry)
mkdir(new_dentry)
And the above sequence certainly requires write permission in P
The only difference is that the mount "bind" case does the above sequence
atomically.
Cheers
Chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jun 07 2000 - 21:00:13 EST