Date: Mon, 02 Mar 2015 05:02:56 +0000 (GMT)
From: Steven Stewart-Gallus <sstewartgallus00@...angara.bc.ca>
To: Rich Felker <dalias@...c.org>
Cc: oss-security@...ts.openwall.com, ryao@...too.org
Subject: Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts

Hello,

I suppose it's time I gave my opinion on this matter.  Personally, I
am ambivalent about whether this really deserves a CVE (or whether the
CVE should be with the Linux kernel or with the applications that
misuse this API), as I feel it is the responsibility of API users like
LXC and systemd to make sure that they aren't misusing these
interfaces, but I would still like this feature to be implemented and
I will explain why.  For my own needs (with my own project at
https://gitorious.org/linted/linted) I sandbox processes without
raising privileges by means such as setuid applications, and so can
only map uids and gids to the current user.  However, I still need to
prevent certain processes from writing to the user's home directory,
and as such need to mount the /home hierarchy read-only and
recursively.  Mostly, though, this is not a big problem for me,
because I only need to mount the user's home directory when developing
(because I need to run binaries that are built inside the user's home
directory).  Also, there is the possibility of bind mounting special
hierarchies such as /dev, /proc and /sys read-only (these are not just
one filesystem but need to be bound recursively), but I don't consider
this a strong use case.

Thank you,
Steven Stewart-Gallus
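Added example (editor's code, not part of this message, of the linted
project or of the kernel): the two-step pattern the thread is about, in
C.  A single mount(2) call with MS_BIND|MS_REC|MS_RDONLY returns 0 but
leaves the bound tree writable; the read-only flag has to be applied to
each mount in the tree with a second MS_BIND|MS_REMOUNT|MS_RDONLY call,
and the result should then be verified from /proc/self/mountinfo rather
than trusted.  The function names (make_tree_readonly,
writable_submounts, parse_mountinfo_line, path_under), the probe file
name and the SAMPLE_MOUNTINFO text are all this example's own
constructions; the sample is not captured from any real host.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <unistd.h>

/* One /proc/self/mountinfo entry: mount point and per-mount flags (field 6).
 * The per-mount "ro" there is what MS_BIND|MS_REMOUNT|MS_RDONLY sets; the
 * superblock options after the "-" separator may still say "rw". */
struct mnt { char mountpoint[4096]; unsigned long flags; };

static unsigned long flag_from_word(const char *w) {
    static const struct { const char *name; unsigned long flag; } tab[] = {
        {"ro", MS_RDONLY}, {"nosuid", MS_NOSUID}, {"nodev", MS_NODEV},
        {"noexec", MS_NOEXEC}, {"noatime", MS_NOATIME},
        {"nodiratime", MS_NODIRATIME}, {"relatime", MS_RELATIME} };
    for (size_t i = 0; i < sizeof tab / sizeof tab[0]; i++)
        if (strcmp(w, tab[i].name) == 0) return tab[i].flag;
    return 0;                         /* "rw" and unknown words add nothing */
}

/* Parse one mountinfo line: 0 on success, -1 if malformed. Mount points with
 * spaces appear octal-escaped (\040) and are kept as-is here. */
int parse_mountinfo_line(const char *line, struct mnt *out) {
    char opts[256];
    if (sscanf(line, "%*d %*d %*s %*s %4095s %255s", out->mountpoint, opts) != 2)
        return -1;
    out->flags = 0;
    for (char *w = strtok(opts, ","); w; w = strtok(NULL, ","))
        out->flags |= flag_from_word(w);
    return 0;
}

/* True if path is root itself or lies below it (trailing "/" on root is ok). */
int path_under(const char *path, const char *root) {
    size_t n = strlen(root);
    while (n > 1 && root[n - 1] == '/') n--;
    if (n == 1 && root[0] == '/') return 1;
    return strncmp(path, root, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Call cb for every mount in text at or below root; returns the number of
 * mounts visited, or -1 as soon as cb fails. */
static int for_each_mount_under(const char *text, const char *root,
                                int (*cb)(const struct mnt *, void *), void *arg) {
    int n = 0;
    for (const char *p = text; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[1024];
        struct mnt m;
        if (len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            if (parse_mountinfo_line(line, &m) == 0 && path_under(m.mountpoint, root)) {
                if (cb(&m, arg) != 0) return -1;
                n++;
            }
        }
        p = nl ? nl + 1 : p + len;
    }
    return n;
}

static int count_writable(const struct mnt *m, void *arg) {
    if (!(m->flags & MS_RDONLY)) ++*(int *)arg;
    return 0;
}

/* Mounts at or below root that are not read-only, or -1 if text shows no
 * mount there at all (a missing mount is not a read-only one). */
int writable_submounts(const char *text, const char *root) {
    int writable = 0;
    return for_each_mount_under(text, root, count_writable, &writable) > 0
               ? writable : -1;
}

static int remount_ro(const struct mnt *m, void *arg) {
    (void)arg;
    /* Second call, per mount: MS_BIND|MS_REMOUNT changes only this mount's
     * flags. Existing flags are carried over because dropping one that is
     * locked in a user namespace (e.g. nosuid) fails with EPERM. */
    return mount(NULL, m->mountpoint, NULL,
                 MS_BIND | MS_REMOUNT | MS_RDONLY | m->flags, NULL);
}

static char *read_mountinfo(void) {
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) return NULL;
    size_t len = fread(buf, 1, sizeof buf - 1, f);
    int complete = feof(f);
    fclose(f);
    buf[len] = '\0';
    if (!complete) errno = EFBIG;
    return complete ? buf : NULL;
}

/* Recursively bind src at dst and make the whole new tree read-only. A single
 * mount(src, dst, NULL, MS_BIND|MS_REC|MS_RDONLY, NULL) returns 0 but leaves
 * every mount writable, which is the behaviour this thread is about.
 * Returns 0 on success, -1 with errno set. */
int make_tree_readonly(const char *src, const char *dst) {
    char *info;
    if (mount(src, dst, NULL, MS_BIND | MS_REC, NULL) != 0) return -1;
    if (!(info = read_mountinfo())) return -1;
    if (for_each_mount_under(info, dst, remount_ro, NULL) < 0) return -1;
    /* Do not trust mount(2)'s return value: re-read mountinfo and confirm
     * that the per-mount "ro" flag is set on every mount below dst. */
    if (!(info = read_mountinfo())) return -1;
    int left = writable_submounts(info, dst);
    if (left != 0) { errno = left < 0 ? ENOENT : EACCES; return -1; }
    return 0;
}

/* Constructed mountinfo excerpt (not captured from a real host): /home with a
 * writable tmpfs and a read-only tmpfs below it, plus unrelated mounts. */
const char SAMPLE_MOUNTINFO[] =
    "25 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro\n"
    "40 25 8:2 / /home rw,relatime shared:2 - ext4 /dev/sda2 rw\n"
    "41 40 0:30 / /home/alice/.cache rw,nosuid,nodev,relatime shared:3 - tmpfs tmpfs rw,size=1g\n"
    "42 40 0:31 / /home/alice/secret ro,nosuid,nodev,noexec,relatime shared:4 - tmpfs tmpfs rw\n"
    "44 25 8:3 / /homeowners rw,relatime - ext4 /dev/sda3 rw\n";

int main(int argc, char **argv) {
    const char *src = argc > 1 ? argv[1] : getenv("HOME");
    char dst[] = "/tmp/rotree.XXXXXX", probe[sizeof dst + 16];
    if (!src) { fputs("usage: rotree SRCDIR\n", stderr); return 2; }
    /* Needs CAP_SYS_ADMIN in the current user namespace: run as root or under
     * `unshare -Urm`. Private propagation keeps the host namespace untouched. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) { perror("MS_PRIVATE"); return 1; }
    if (!mkdtemp(dst)) { perror("mkdtemp"); return 1; }
    if (make_tree_readonly(src, dst) != 0) { perror("make_tree_readonly"); return 1; }
    /* Probe: creating a file through the read-only view must fail with EROFS. */
    snprintf(probe, sizeof probe, "%s/.rotree-probe", dst);
    int fd = open(probe, O_WRONLY | O_CREAT, 0600), err = errno;
    if (fd >= 0) { close(fd); unlink(probe); }
    printf("create %s: %s\n", probe, fd < 0 ? strerror(err) : "succeeded, tree is NOT read-only");
    umount2(dst, MNT_DETACH);
    rmdir(dst);
    return fd < 0 && err == EROFS ? 0 : 1;
}
```

Build with `cc -Wall -o rotree rotree.c` and run either as root or, for
the unprivileged case the message describes, as
`unshare -Urm ./rotree "$HOME"`; the exit status is 0 only when a
create through the read-only view fails with EROFS.  The check in
make_tree_readonly matters more than the remount loop: anything that
relies on the first mount(2) succeeding will believe the tree is
read-only when it is not.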
