Re: [RCF] [PATCH] unprivileged mount/umount

[Ram <linuxram@us.ibm.com>]

[-- Attachment #1: Type: text/plain, Size: 1970 bytes --]

On Fri, 2005-05-13 at 00:25, Ram wrote:
> On Thu, 2005-05-12 at 18:10, Ram wrote:
> > On Thu, 2005-05-12 at 11:51, Miklos Szeredi wrote:
> > > > > I'm not sure passing directory file descriptors is the right semantic
> > > > > we want - but at least it provides a point of explicit control (in
> > > > > much the same way as a bind).  Are you sure the clone + open("/") +
> > > > > pass-to-parent scenario you allows the parent to traverse the child's
> > > > > private name space through that fd?
> > > > 
> > > > Pretty sure.
> > > 
> > > Yup.  Attached a little program that can be used to try this out.  It
> > > creates a new namespace in the child, does a bind mount (so the
> > > namespaces can be differentiated), then sends the file descriptor of
> > > "/" to the parent.  The parent does fchdir(fd), then starts a shell.
> > 
> > 
> > > So the result is that CWD is under the child namespace, while root is
> > > under the initial namespace.
> > > 
> > 
> > r u sure, this program works? Sorry if I am saying something dumb here.
> > Correct me.  When a file descriptor is sent from one process to other,
> > arn't they referring to different files in each of the processes.
> > fd=5 may be pointing to file 'xyz' in parent process, 
> > where as fd=5 will be pointing to 'abc' in the child process.  
> > 
> > This program did not work for me, and I was wondering if adding
> > CLONE_FILES in clone() would help. Because that would make sure
> >  that both
> > the processes share the same file descriptor. It did not work too.
> > 
> > What am I understanding wrong?
> 
> Sorry it works. I was misinterpreting the results. 
> 
> > 
> > In any case my opinion is if this program works than the hole should
> > be closed instead of exploting it to access different namespace. I 
> > know Jamie is going to pounce at me. ;)
> 
> a patch is due to fix the problem :)


attached a patch that can fix the problem, if everybody agrees that its
a problem. 

> RP
> 

[-- Attachment #2: fix.patch --]
[-- Type: text/x-patch, Size: 368 bytes --]

--- /home/linux/views/linux-2.6.12-rc4/fs/open.c	2005-03-02 03:00:01.000000000 -0800
+++ linux-2.6.12-rc4/fs/open.c	2005-05-13 01:30:44.000000000 -0700
@@ -552,6 +552,8 @@
 	dentry = file->f_dentry;
 	mnt = file->f_vfsmnt;
 	inode = dentry->d_inode;
+	if(mnt->mnt_namespace != current->namespace)
+		goto out_putf;
 
 	error = -ENOTDIR;
 	if (!S_ISDIR(inode->i_mode))