From: Jamie Lokier <jamie@shareable.org>
To: Jan Hudec <bulb@ucw.cz>
Cc: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>,
Eric Van Hensbergen <ericvh@gmail.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [RFC][2.6 patch] Allow creation of new namespaces during mount system call
Date: Wed, 20 Apr 2005 23:13:58 +0100 [thread overview]
Message-ID: <20050420221358.GC21150@mail.shareable.org> (raw)
In-Reply-To: <20050420124829.GB23518@vagabond>
Jan Hudec wrote:
> > For FUSE, what's needed is that a user can mount something, and the
> > mounted fs is visible only to that user, but it's visible to _all_ of
> > the user's processes.
>
> Including root's su to that user...
> Keeping information in a process group is the *only* way to actually
> lock out root.
If root is _intending_ to view the user's data, it will succeed.
Keeping them in a process group won't prevent that: root can look at
the data accessible by any process (via ptrace or /dev/mem).
The problem most clearly illustrating the need for private user data
is sshfs, or anything which mounts over ssl/tls.
> That is, except some kind of keyring in kernel.
For secure user data, as in sshfs, that's the only real solution: a
keyring in kernel which cannot be accessed simply by calling su, and
which must be accessed to gain access to the mounted directory.
Which is no different from securing user data when scp+ssh-agent is used.
-- Jamie
next prev parent reply other threads:[~2005-04-20 22:14 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-19 22:13 [RFC][2.6 patch] Allow creation of new namespaces during mount system call Eric Van Hensbergen
2005-04-19 22:23 ` Al Viro
2005-04-19 23:53 ` Eric Van Hensbergen
2005-04-20 3:33 ` Al Viro
2005-04-20 9:45 ` Jamie Lokier
2005-04-20 10:27 ` Al Viro
2005-04-20 12:03 ` Jamie Lokier
2005-04-20 12:39 ` Al Viro
2005-04-20 16:51 ` Ram
2005-04-20 17:09 ` Al Viro
2005-04-20 17:53 ` Miklos Szeredi
[not found] ` <a4e6962a0504201107518416e9@mail.gmail.com>
2005-04-20 18:18 ` Eric Van Hensbergen
2005-04-20 18:34 ` Miklos Szeredi
2005-04-20 20:43 ` Jamie Lokier
2005-04-20 20:54 ` Al Viro
2005-04-20 22:16 ` Jamie Lokier
2005-04-20 21:08 ` Al Viro
2005-04-20 22:19 ` Jamie Lokier
2005-04-20 18:00 ` Eric Van Hensbergen
2005-04-20 18:33 ` Ram
2005-04-20 22:04 ` Jamie Lokier
2005-04-30 8:56 ` Christoph Hellwig
2005-04-30 15:01 ` Jamie Lokier
2005-05-11 9:05 ` Christoph Hellwig
2005-04-21 7:33 ` Mount bind filehandle (Was: Re: [RFC][2.6 patch] Allow creation of new namespaces during mount system call) Jan Hudec
2005-04-21 8:09 ` Christoph Hellwig
2005-04-21 9:32 ` Jan Hudec
2005-04-20 18:57 ` [RFC][2.6 patch] Allow creation of new namespaces during mount system call Bryan Henderson
2005-04-20 19:37 ` Miklos Szeredi
2005-04-21 0:08 ` Bryan Henderson
2005-04-21 8:06 ` Miklos Szeredi
2005-04-21 13:33 ` [RFC][patch] mount permissions (was: [RFC][2.6 patch] Allow ...) Miklos Szeredi
2005-04-21 16:57 ` [RFC][2.6 patch] Allow creation of new namespaces during mount system call Bryan Henderson
2005-04-20 20:51 ` Al Viro
2005-04-21 0:23 ` Bryan Henderson
2005-04-21 0:32 ` Al Viro
2005-04-21 8:10 ` Christoph Hellwig
2005-04-20 21:09 ` Ram
2005-04-21 0:42 ` Bryan Henderson
2005-04-21 19:10 ` Ram
2005-04-20 18:25 ` Bryan Henderson
2005-04-20 12:48 ` Jan Hudec
2005-04-20 22:13 ` Jamie Lokier [this message]
2005-04-21 10:09 ` Jan Hudec
2005-04-21 18:44 ` Jamie Lokier
2005-04-21 18:52 ` Hiding secrets from root (Was: Re: [RFC][2.6 patch] Allow creation of new namespaces during mount system call) Jan Hudec
2005-04-21 20:35 ` Jamie Lokier
2005-04-20 13:14 ` [RFC][2.6 patch] Allow creation of new namespaces during mount system call Eric Van Hensbergen
2005-04-20 13:55 ` Eric Van Hensbergen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050420221358.GC21150@mail.shareable.org \
--to=jamie@shareable.org \
--cc=bulb@ucw.cz \
--cc=ericvh@gmail.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).