From: Eric Van Hensbergen <ericvh@gmail.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
hch@infradead.org, akpm@osdl.org,
viro@parcelfarce.linux.theplanet.co.uk
Subject: Re: [RFC] FUSE permission modell (Was: fuse review bits)
Date: Sun, 17 Apr 2005 13:01:31 -0500 [thread overview]
Message-ID: <a4e6962a050417110160a464d8@mail.gmail.com> (raw)
In-Reply-To: <E1DL08S-0008UH-00@dorka.pomaz.szeredi.hu>
On 4/11/05, Miklos Szeredi <miklos@szeredi.hu> wrote:
>
> 1) Only allow mount over a directory for which the user has write
> access (and is not sticky)
>
> 2) Use nosuid,nodev mount options
>
> [ parts deleted ]
Do these solve all the security concerns with unprivileged mounts, or
are there other barriers/concerns? Should there be ulimit (or rlimit)
style restrictions on how many mounts/binds a user is allowed to have
to prevent users from abusing mount privs?
I was thinking about this a while back and thought having a user-mount
permissions file might be the right way to address lots of these
issues. Essentially it would contain information about what
users/groups were allowed to mount what sources to what destinations
and with what mandatory options.
You can get the start of this with the user/users/etc. stuff in
/etc/fstab, but I was envisioning something a bit more dynamic with
regular expression based rules for sources and destinations. So,
something like:
# /etc/usermounts: user mount permissions
# <fs> <mount point> <type> <opts>
# allow users to mount any file system under their home directory
* $HOME *
nosuid, nosgid
# allow users to bind over /usr/bin as long as its only in their
private namespace
* /usr/bin
bind newns
# allow users to loopback mount distributed file systems to /mnt
127.0.0.1 /mnt *
nosuid, nosgid
# allow users to mount files over any directory they have right access to
* (perm=0222) *
nosuid, nosgid
Is this unnecessary? Is this not enough?
-eric
next prev parent reply other threads:[~2005-04-17 18:01 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-18 17:33 [PATCH] FUSE: fix busy inodes after unmount Miklos Szeredi
2005-03-20 16:15 ` fuse is cool and robust bert hubert
2005-03-20 21:55 ` Jan Engelhardt
2005-03-21 6:52 ` bert hubert
2005-03-20 23:12 ` Andrew Morton
[not found] ` <20050321073519.GA13879@outpost.ds9a.nl>
[not found] ` <20050323083347.GA1807@infradead.org>
[not found] ` <E1DE2D1-0005Ie-00@dorka.pomaz.szeredi.hu>
[not found] ` <20050325095838.GA9471@infradead.org>
[not found] ` <E1DEmYC-0008Qg-00@dorka.pomaz.szeredi.hu>
[not found] ` <20050331112427.GA15034@infradead.org>
[not found] ` <E1DH13O-000400-00@dorka.pomaz.szeredi.hu>
[not found] ` <20050331200502.GA24589@infradead.org>
[not found] ` <E1DJsH6-0004nv-00@dorka.pomaz.szeredi.hu>
[not found] ` <20050411114728.GA13128@infradead.org>
2005-04-11 14:43 ` [RFC] FUSE permission modell (Was: fuse review bits) Miklos Szeredi
2005-04-11 15:36 ` Daniel Jacobowitz
2005-04-11 15:56 ` Miklos Szeredi
2005-04-11 18:17 ` Daniel Jacobowitz
2005-04-11 19:10 ` Miklos Szeredi
2005-04-11 19:22 ` Daniel Jacobowitz
2005-04-11 19:56 ` Miklos Szeredi
2005-04-11 21:41 ` Jamie Lokier
2005-04-12 6:10 ` Miklos Szeredi
2005-04-12 14:33 ` Jamie Lokier
2005-04-12 15:13 ` Miklos Szeredi
2005-04-12 16:03 ` Miklos Szeredi
2005-04-12 15:16 ` Frank Sorenson
2005-04-12 15:56 ` Jamie Lokier
2005-04-17 17:45 ` Eric Van Hensbergen
2005-04-17 18:06 ` Jamie Lokier
2005-04-12 20:36 ` Anton Altaparmakov
2005-04-11 22:13 ` Daniel Jacobowitz
2005-04-12 6:27 ` Miklos Szeredi
2005-04-12 14:32 ` Jamie Lokier
2005-04-12 14:59 ` Miklos Szeredi
2005-04-12 16:13 ` Jamie Lokier
2005-04-12 16:37 ` Miklos Szeredi
2005-04-12 16:45 ` Jamie Lokier
2005-04-12 16:52 ` Miklos Szeredi
2005-04-12 17:14 ` Jamie Lokier
2005-04-12 19:10 ` Miklos Szeredi
2005-04-12 16:42 ` Jan Hudec
2005-04-11 19:43 ` Yaroslav Rastrigin
2005-04-12 8:06 ` Jan Hudec
2005-04-11 18:22 ` Jamie Lokier
2005-04-11 18:27 ` Daniel Jacobowitz
2005-04-11 19:38 ` Miklos Szeredi
2005-04-17 18:01 ` Eric Van Hensbergen [this message]
2005-04-17 18:45 ` Miklos Szeredi
2005-04-17 19:57 ` Eric Van Hensbergen
[not found] <3S8oM-So-11@gated-at.bofh.it>
[not found] ` <3S8oM-So-13@gated-at.bofh.it>
[not found] ` <3S8oN-So-15@gated-at.bofh.it>
[not found] ` <3S8oN-So-17@gated-at.bofh.it>
[not found] ` <3S8oN-So-19@gated-at.bofh.it>
[not found] ` <3S8oN-So-21@gated-at.bofh.it>
[not found] ` <3S8oN-So-23@gated-at.bofh.it>
[not found] ` <3S8oN-So-25@gated-at.bofh.it>
[not found] ` <3S8oN-So-27@gated-at.bofh.it>
[not found] ` <3S8oM-So-7@gated-at.bofh.it>
[not found] ` <3SbPN-3T4-19@gated-at.bofh.it>
2005-04-12 9:17 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-04-12 9:17 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-04-12 14:45 ` Jamie Lokier
2005-04-12 14:45 ` Jamie Lokier
2005-04-12 15:19 ` Miklos Szeredi
2005-04-12 16:04 ` Jamie Lokier
2005-04-12 16:31 ` Miklos Szeredi
2005-04-12 16:44 ` Jamie Lokier
2005-04-12 16:55 ` Miklos Szeredi
2005-04-12 17:13 ` Jamie Lokier
2005-04-12 19:08 ` Miklos Szeredi
2005-04-13 12:56 ` Jan Hudec
2005-04-13 15:08 ` Miklos Szeredi
2005-04-13 16:13 ` Jamie Lokier
2005-04-13 16:47 ` Miklos Szeredi
2005-04-13 16:57 ` Jamie Lokier
2005-04-13 15:58 ` Jamie Lokier
2005-04-12 20:19 ` Anton Altaparmakov
2005-04-12 21:52 ` Jamie Lokier
2005-04-13 9:14 ` Miklos Szeredi
2005-04-13 12:59 ` Jan Hudec
2005-04-13 17:02 ` Jamie Lokier
2005-04-13 17:29 ` Miklos Szeredi
2005-04-13 18:36 ` Jamie Lokier
2005-04-13 19:16 ` Miklos Szeredi
[not found] ` <3S9b7-1yl-1@gated-at.bofh.it>
[not found] ` <3S9uB-1Lj-3@gated-at.bofh.it>
[not found] ` <3SbG5-3Mb-41@gated-at.bofh.it>
[not found] ` <3ScC1-4zl-1@gated-at.bofh.it>
[not found] ` <3ScLO-4GA-9@gated-at.bofh.it>
[not found] ` <3SdeV-54h-21@gated-at.bofh.it>
[not found] ` <3SeXf-6BK-21@gated-at.bofh.it>
[not found] ` <E1DLKOd-0001Nd-MG@be1.7eggert.dyndns.org>
2005-04-12 14:37 ` Jamie Lokier
2005-04-12 19:51 ` Bodo Eggert
[not found] ` <3UmnD-6Fy-7@gated-at.bofh.it>
2005-04-17 23:52 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-04-19 11:57 ` Eric Van Hensbergen
2005-04-19 15:01 ` Bodo Eggert
2005-04-19 15:21 ` Miklos Szeredi
2005-04-19 15:26 ` Eric Van Hensbergen
2005-04-19 16:02 ` Bodo Eggert
2005-04-19 19:29 ` Eric Van Hensbergen
2005-04-20 3:59 ` Mike Waychison
2005-04-20 7:09 ` Miklos Szeredi
[not found] <3UrQt-2Js-3@gated-at.bofh.it>
[not found] ` <3SpIW-6UA-17@gated-at.bofh.it>
[not found] ` <3SpIW-6UA-19@gated-at.bofh.it>
[not found] ` <3SpIW-6UA-21@gated-at.bofh.it>
[not found] ` <3UrQt-2Js-5@gated-at.bofh.it>
[not found] ` <3UrQt-2Js-1@gated-at.bofh.it>
[not found] ` <3UZyS-55i-39@gated-at.bofh.it>
[not found] ` <3V2wG-7HR-19@gated-at.bofh.it>
[not found] ` <3V2PX-7Vh-23@gated-at.bofh.it>
[not found] ` <3V6Ae-2Ce-17@gated-at.bofh.it>
[not found] ` <3V6JW-2K9-49@gated-at.bofh.it>
[not found] ` <3VeHl-NF-3@gated-at.bofh.it>
2005-04-20 19:52 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a4e6962a050417110160a464d8@mail.gmail.com \
--to=ericvh@gmail.com \
--cc=akpm@osdl.org \
--cc=hch@infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.