* Why "--fake" and "--no-canonicalize" started requiring root in 2.22? @ 2013-02-03 9:39 Anatol Pomozov 2013-02-03 15:28 ` Karel Zak 0 siblings, 1 reply; 4+ messages in thread From: Anatol Pomozov @ 2013-02-03 9:39 UTC (permalink / raw) To: util-linux Hi, I am trying to compile and use libfuse. Libfuse utilises 'mount' and 'umount' tools. One of few things it uses are "--fake" and "--no-canonicalize" command options run as regular user. It worked fine with previous versions of util-linux (2.20 from Ubuntu Precise). But in the latest version (2.22 from Arch) it fails to run as a regular user: $ mount --version mount from util-linux 2.22.2 (libmount 2.22.0: debug) $ mount --fake mount: only root can use "--fake" option $ mount --no-canonicalize mount: only root can use "--no-canonicalize" option Should it be removed from the list of "restricted" options like it happened with other options recently? This would restore the same behavior that "mount" had before. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Why "--fake" and "--no-canonicalize" started requiring root in 2.22? 2013-02-03 9:39 Why "--fake" and "--no-canonicalize" started requiring root in 2.22? Anatol Pomozov @ 2013-02-03 15:28 ` Karel Zak 2013-02-03 17:06 ` Anatol Pomozov 0 siblings, 1 reply; 4+ messages in thread From: Karel Zak @ 2013-02-03 15:28 UTC (permalink / raw) To: Anatol Pomozov; +Cc: util-linux On Sun, Feb 03, 2013 at 01:39:50AM -0800, Anatol Pomozov wrote: > I am trying to compile and use libfuse. Libfuse utilises 'mount' and > 'umount' tools. One of few things it uses are "--fake" and > "--no-canonicalize" command options run as regular user. It worked > fine with previous versions of util-linux (2.20 from Ubuntu Precise). > But in the latest version (2.22 from Arch) it fails to run as a > regular user: The original (now deprecated) mount code: # git blame --date=short -L 2572,+11 mount-deprecated/mount.c 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2572) if (restricted && 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2573) (types || options || readwrite || nomtab || mount_all || be9adec4 mount/mount.c (Karel Zak 2009-12-17 2574) nocanonicalize || fake || mounttype || be9adec4 mount/mount.c (Karel Zak 2009-12-17 2575) (argc + specseen) != 1)) { 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2576) 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2577) if (ruid == 0 && euid != 0) 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2578) /* user is root, but setuid to non-root */ 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2579) die (EX_USAGE, _("mount: only root can do that " b7481d6f mount/mount.c (Karel Zak 2010-06-14 2580) "(effective UID is %u)"), euid); 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2581) 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2582) die (EX_USAGE, _("mount: only root can do that")); for example: commit be9adec40ffc81b28cbb051d0aa1f46f596f7b81 Author: Karel Zak <kzak@redhat.com> Date: Thu Dec 17 12:27:16 2009 +0100 mount: disable --no-canonicalize for non-root users Signed-off-by: Karel Zak <kzak@redhat.com> > $ mount --version > mount from util-linux 2.22.2 (libmount 2.22.0: debug) > $ mount --fake > mount: only root can use "--fake" option fake was always disable for non root users > $ mount --no-canonicalize > mount: only root can use "--no-canonicalize" option > > Should it be removed from the list of "restricted" options like it > happened with other options recently? This would restore the same > behavior that "mount" had before. I don't see a change... Karel -- Karel Zak <kzak@redhat.com> http://karelzak.blogspot.com ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Why "--fake" and "--no-canonicalize" started requiring root in 2.22? 2013-02-03 15:28 ` Karel Zak @ 2013-02-03 17:06 ` Anatol Pomozov 2013-02-03 19:51 ` Anatol Pomozov 0 siblings, 1 reply; 4+ messages in thread From: Anatol Pomozov @ 2013-02-03 17:06 UTC (permalink / raw) To: Karel Zak; +Cc: util-linux Hi, Hm.. I am puzzled then. I clearly see that "mount --fake" works on ubuntu precise with linux-util package version 2.20.1. I checked ubuntu-specific changes http://packages.ubuntu.com/precise/util-linux and I do not see anything related to the flags handling. But your change be9adec40ffc8 is merged to project in v2.17.... The only diff between 2.20 vs 2.22 is expression for "restricted": v2.20 /* if we're really root and aren't running setuid */ if (((uid_t)0 == ruid) && (ruid == euid)) { restricted = 0; } v2.22 cxt->restricted = (uid_t) 0 == ruid && ruid == euid ? 0 : 1; My first though was that something wrong with operators precedence in v2.22, but no - expressions evaluated the same way as in v2.20 I keep trying to understand the behavior change between Ubuntu (v2.20.1) and Arch (v2.22) On Sun, Feb 3, 2013 at 7:28 AM, Karel Zak <kzak@redhat.com> wrote: > On Sun, Feb 03, 2013 at 01:39:50AM -0800, Anatol Pomozov wrote: >> I am trying to compile and use libfuse. Libfuse utilises 'mount' and >> 'umount' tools. One of few things it uses are "--fake" and >> "--no-canonicalize" command options run as regular user. It worked >> fine with previous versions of util-linux (2.20 from Ubuntu Precise). >> But in the latest version (2.22 from Arch) it fails to run as a >> regular user: > > The original (now deprecated) mount code: > > # git blame --date=short -L 2572,+11 mount-deprecated/mount.c > > 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2572) if (restricted && > 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2573) (types || options || readwrite || nomtab || mount_all || > be9adec4 mount/mount.c (Karel Zak 2009-12-17 2574) nocanonicalize || fake || mounttype || > be9adec4 mount/mount.c (Karel Zak 2009-12-17 2575) (argc + specseen) != 1)) { > 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2576) > 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2577) if (ruid == 0 && euid != 0) > 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2578) /* user is root, but setuid to non-root */ > 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2579) die (EX_USAGE, _("mount: only root can do that " > b7481d6f mount/mount.c (Karel Zak 2010-06-14 2580) "(effective UID is %u)"), euid); > 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2581) > 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2582) die (EX_USAGE, _("mount: only root can do that")); > > for example: > > commit be9adec40ffc81b28cbb051d0aa1f46f596f7b81 > Author: Karel Zak <kzak@redhat.com> > Date: Thu Dec 17 12:27:16 2009 +0100 > > mount: disable --no-canonicalize for non-root users > > Signed-off-by: Karel Zak <kzak@redhat.com> > > >> $ mount --version >> mount from util-linux 2.22.2 (libmount 2.22.0: debug) >> $ mount --fake >> mount: only root can use "--fake" option > > fake was always disable for non root users > >> $ mount --no-canonicalize >> mount: only root can use "--no-canonicalize" option >> >> Should it be removed from the list of "restricted" options like it >> happened with other options recently? This would restore the same >> behavior that "mount" had before. > > I don't see a change... > > Karel > > -- > Karel Zak <kzak@redhat.com> > http://karelzak.blogspot.com ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Why "--fake" and "--no-canonicalize" started requiring root in 2.22? 2013-02-03 17:06 ` Anatol Pomozov @ 2013-02-03 19:51 ` Anatol Pomozov 0 siblings, 0 replies; 4+ messages in thread From: Anatol Pomozov @ 2013-02-03 19:51 UTC (permalink / raw) To: Karel Zak; +Cc: util-linux Hi, On Sun, Feb 3, 2013 at 9:06 AM, Anatol Pomozov <anatol.pomozov@gmail.com> wrote: > Hi, > > Hm.. I am puzzled then. I clearly see that "mount --fake" works on > ubuntu precise with linux-util package version 2.20.1. I checked > ubuntu-specific changes http://packages.ubuntu.com/precise/util-linux > and I do not see anything related to the flags handling. But your > change be9adec40ffc8 is merged to project in v2.17.... > > > The only diff between 2.20 vs 2.22 is expression for "restricted": > > v2.20 > /* if we're really root and aren't running setuid */ > if (((uid_t)0 == ruid) && (ruid == euid)) { > restricted = 0; > } > > v2.22 > cxt->restricted = (uid_t) 0 == ruid && ruid == euid ? 0 : 1; > > My first though was that something wrong with operators precedence in > v2.22, but no - expressions evaluated the same way as in v2.20 > > > I keep trying to understand the behavior change between Ubuntu > (v2.20.1) and Arch (v2.22) It seems that the difference is how "mount" processes keys (such as "--fake") when directory parameter is absent. When I run "mount --fake 1" both v2.20 and v2.22 fail with "only root can do that" error. But when I run "mount --fake" only v2.22 fails. I run both programs with strace and see that pair of call "getuid(), geteuid()" is called on v2.22 only. It looks like in v2.20 "--fake" flag is processed (and filtered out) only when directory is present, and in v2.22 processes before checking directory parameter. If this is the only difference then it is better to fix libfuse code. libfuse build system calls "mount --fake --no-canonicalize" to check if "mount" version is recent enough. But imho better way is to call "mount --version" and compare versions explicitly. It is related discussion in fuse-devel maillist http://sourceforge.net/mailarchive/forum.php?thread_name=CAOMFOmUcpG2Z8puzPuRhfykF48tjb43BKt07%2BP-4JaY8-knHXg%40mail.gmail.com&forum_name=fuse-devel > > On Sun, Feb 3, 2013 at 7:28 AM, Karel Zak <kzak@redhat.com> wrote: >> On Sun, Feb 03, 2013 at 01:39:50AM -0800, Anatol Pomozov wrote: >>> I am trying to compile and use libfuse. Libfuse utilises 'mount' and >>> 'umount' tools. One of few things it uses are "--fake" and >>> "--no-canonicalize" command options run as regular user. It worked >>> fine with previous versions of util-linux (2.20 from Ubuntu Precise). >>> But in the latest version (2.22 from Arch) it fails to run as a >>> regular user: >> >> The original (now deprecated) mount code: >> >> # git blame --date=short -L 2572,+11 mount-deprecated/mount.c >> >> 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2572) if (restricted && >> 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2573) (types || options || readwrite || nomtab || mount_all || >> be9adec4 mount/mount.c (Karel Zak 2009-12-17 2574) nocanonicalize || fake || mounttype || >> be9adec4 mount/mount.c (Karel Zak 2009-12-17 2575) (argc + specseen) != 1)) { >> 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2576) >> 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2577) if (ruid == 0 && euid != 0) >> 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2578) /* user is root, but setuid to non-root */ >> 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2579) die (EX_USAGE, _("mount: only root can do that " >> b7481d6f mount/mount.c (Karel Zak 2010-06-14 2580) "(effective UID is %u)"), euid); >> 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2581) >> 3d1b35b6 mount/mount.c (Karel Zak 2009-09-30 2582) die (EX_USAGE, _("mount: only root can do that")); >> >> for example: >> >> commit be9adec40ffc81b28cbb051d0aa1f46f596f7b81 >> Author: Karel Zak <kzak@redhat.com> >> Date: Thu Dec 17 12:27:16 2009 +0100 >> >> mount: disable --no-canonicalize for non-root users >> >> Signed-off-by: Karel Zak <kzak@redhat.com> >> >> >>> $ mount --version >>> mount from util-linux 2.22.2 (libmount 2.22.0: debug) >>> $ mount --fake >>> mount: only root can use "--fake" option >> >> fake was always disable for non root users >> >>> $ mount --no-canonicalize >>> mount: only root can use "--no-canonicalize" option >>> >>> Should it be removed from the list of "restricted" options like it >>> happened with other options recently? This would restore the same >>> behavior that "mount" had before. >> >> I don't see a change... >> >> Karel >> >> -- >> Karel Zak <kzak@redhat.com> >> http://karelzak.blogspot.com ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-02-03 19:51 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-02-03 9:39 Why "--fake" and "--no-canonicalize" started requiring root in 2.22? Anatol Pomozov 2013-02-03 15:28 ` Karel Zak 2013-02-03 17:06 ` Anatol Pomozov 2013-02-03 19:51 ` Anatol Pomozov
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox