"Most" != "all".
> > Sometimes network servers have to run as root.
>
> For most network servers, the part that must run as root is very
> small. Many servers are misdesigned and run all their code as root,
> but read-only lofs is not a quick fix for that problem.
No, but it provides an extra level of security.
> > One of the most common bugs I see in CERT announcements is that some
> > or other server isn't preventing unauthorised writing to some file. A
> > read-only lofs offers strong protection against that.
>
> root can change the mount options for the loopback mount, or it can
> access /root/.rhosts, /etc/shadow etc. without going through the
> loopback mount. read-only loopback mounts offer no protection from
> programs running as root.
Most of the exploits I see published in CERT relate to violating file
permissions, not to running arbitrary code as root. That's not to say
that the latter doesn't happen, just that the former seems more
likely. It's easier to find a file access weakness to exploit than a
root execution weakness.
> Do you have any real applications for read-only loopback mounts that
> cannot be solved using conventional, portable techniques?
Yeah, network servers, like I said. I've found "mount -o ro" to be
pretty portable. I don't think it's fair to label a read-only lofs as
unconventional and unportable.
Regards,
Richard....
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
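
Added example, not part of the original message or of any kernel code: a small audit that checks both points argued above, namely that a view is mounted read-only and that the same files are still reachable through a writable mount outside that view. It assumes a Linux bind mount as the stand-in for the read-only lofs under discussion; the sample /proc/self/mountinfo text, the paths and the function names are constructed for illustration.

```python
import posixpath

# Constructed sample in /proc/self/mountinfo format (not from a real host).
# Line 45 is a read-only bind mount of /srv/ftp (on device 8:1) at /jail/ftp.
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
30 21 8:2 / /var rw,nosuid - ext4 /dev/sda2 rw
45 21 8:1 /srv/ftp /jail/ftp ro,nosuid,nodev - ext4 /dev/sda1 rw
"""

def parse_mountinfo(text):
    """Return one dict per mount: device, root inside the fs, mount point, options."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        # Layout: id parent major:minor root mountpoint options [optional...] - fstype ...
        if len(fields) < 7 or "-" not in fields:
            continue
        mounts.append({"dev": fields[2], "root": fields[3],
                       "mountpoint": fields[4],
                       "options": set(fields[5].split(","))})
    return mounts  # note: \040-style escapes in paths are not decoded here

def audit_readonly_view(text, mountpoint):
    """Report whether `mountpoint` is read-only and where the same files are
    reachable through a mount that does not enforce read-only."""
    mounts = parse_mountinfo(text)
    matches = [m for m in mounts if m["mountpoint"] == mountpoint]
    if not matches:
        raise ValueError("no mount at " + mountpoint)
    target = matches[-1]  # the last entry is the topmost mount at that path
    aliases = []
    for m in mounts:
        if m is target or m["dev"] != target["dev"] or "rw" not in m["options"]:
            continue
        # Does this mount expose the subtree that the target mount shows?
        rel = posixpath.relpath(target["root"], m["root"])
        if rel == ".." or rel.startswith("../"):
            continue
        aliases.append(posixpath.normpath(posixpath.join(m["mountpoint"], rel)))
    # A writable alias only means the mount layer does not block writes there;
    # ordinary file permissions still apply on that path.
    return {"read_only": "ro" in target["options"], "writable_aliases": aliases}

if __name__ == "__main__":
    print(audit_readonly_view(SAMPLE_MOUNTINFO, "/jail/ftp"))
```

A server confined so that it can only name files under /jail/ftp gets the mount-level write protection; the /srv/ftp alias is the path where only file permissions stand in the way.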