From: "Casper Ti. Vector" <caspervector@gmail.com>
To: util-linux@vger.kernel.org
Subject: Re: udevil - mount tool
Date: Thu, 19 Nov 2015 10:21:34 +0800
Message-ID: <20151119022134.GA27094@CasperVector>
In-Reply-To: <n2ja20$1sf$1@ger.gmane.org>

> % udevil mount -o bind /dev/sdb1
> udevil: denied 90: option 'bind' is not an allowed option

Since the package is provided on your distro, you can install it and then
search for `allowed_options' in /etc/udevil/udevil.conf (or somewhere
like that; distros sometimes modify installation paths).  I think the
default policy is already reasonable; you can still fine-tune it if
necessary, since the mechanism is quite flexible.

On Thu, Nov 19, 2015 at 02:53:04AM +0100, U.Mutlu wrote:
> Do you happen to know if it has some dangerous options like "bind-mounting" 
> like the standard "mount" pgm has?
> Bind-mounting is a big security risk, really, and that's the sole
> reason I was looking for an alternate mount tool for non-root users.

-- 
My current OpenPGP key:
RSA4096/0x227E8CAAB7AA186C (expires: 2020.10.19)
7077 7781 B859 5166 AE07 0286 227E 8CAA B7AA 186C

