Date: Mon, 02 Mar 2015 05:02:56 +0000 (GMT)
From: Steven Stewart-Gallus <sstewartgallus00@...angara.bc.ca>
To: Rich Felker <dalias@...c.org>
Cc: oss-security@...ts.openwall.com, ryao@...too.org
Subject: Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts

Hello,

I suppose it's time I gave my opinion on this matter. Personally, I am ambivalent about whether this really deserves a CVE (or if the CVE should be with the Linux kernel or with the applications that misuse this API) as I feel it is the responsibility of API users like LXC and systemd to make sure that they aren't misusing these interfaces, but I would still like this feature to be implemented and I will explain why.

For my own needs (with my own project at https://gitorious.org/linted/linted) I sandbox processes without raising privileges by means such as setuid applications and so can only map uids and gids to the current user. However, I still need to prevent certain processes from writing to the user's home directory and as such need to mount the /home hierarchy read only and recursively.

Mostly though this is not a big problem for me because I only need to mount the user's home directory when developing (because I need to run binaries that are built inside the user's home directory).

Also, there is the possibility of bind mounting special hierarchies such as /dev, /proc and /sys read only (these are not just one filesystem but need to be bound recursively) but I don't consider this a strong use case.

Thank you,
Steven Stewart-Gallus
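The following is an added example, not code from this post or from the author's linted project. It shows the sequence the kernel does honour for the use case above: a recursive bind mount first, then a separate MS_REMOUNT|MS_BIND|MS_RDONLY on each mount under the target (the kernel ignores MS_RDONLY on the initial MS_BIND, and a read-only remount applies to one mount only, so submounts such as /dev, /proc and /sys trees must each be remounted), followed by a statvfs() check so a sandbox verifies the result instead of trusting the flags it passed. mount() is reached through a function pointer so the sequence can be dry-run without privileges; the mountinfo text, the paths and the `dry_run_*` helpers are constructed for illustration.

```c
/* Added example (not from the post or the linted project): read-only
 * recursive bind mount done the way the kernel honours it, plus a check.
 * Paths and the mountinfo sample below are constructed, not real. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/statvfs.h>

typedef int (*mount_fn)(const char *, const char *, const char *,
                        unsigned long, const void *);
#define MAX_MOUNTS 64
#define PATH_LEN 256

/* Collect mount points equal to `root` or below it from /proc/self/mountinfo
 * text (field 5 of each line). Octal escapes such as \040 are left as-is. */
int mountinfo_points_under(const char *mountinfo, const char *root,
                           char out[][PATH_LEN], int max)
{
    int n = 0;
    size_t rlen = strlen(root);
    const char *line = mountinfo;
    while (*line && n < max) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[1024];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';
        /* fields: mount-id parent-id major:minor root mount-point ... */
        char *save = NULL, *mp = NULL;
        char *tok = strtok_r(buf, " ", &save);
        for (int f = 0; tok; tok = strtok_r(NULL, " ", &save), f++)
            if (f == 4) { mp = tok; break; }
        if (mp && strncmp(mp, root, rlen) == 0 &&
            (mp[rlen] == '\0' || mp[rlen] == '/'))
            snprintf(out[n++], PATH_LEN, "%s", mp);
        line = eol ? eol + 1 : line + len;
    }
    return n;
}

/* Step 1: recursive bind. MS_RDONLY is deliberately not passed here: the
 * kernel would accept it silently and ignore it. */
int bind_recursive(mount_fn m, const char *src, const char *dst)
{
    return m(src, dst, NULL, MS_BIND | MS_REC, NULL);
}

/* Step 2: MS_REMOUNT|MS_BIND changes per-mount flags of one mount only, so
 * every mount under dst is remounted individually. `mountinfo` must be read
 * after step 1 so the new submounts are visible. Returns count or -1. */
int remount_ro_under(mount_fn m, const char *dst, const char *mountinfo)
{
    char pts[MAX_MOUNTS][PATH_LEN];
    int n = mountinfo_points_under(mountinfo, dst, pts, MAX_MOUNTS);
    for (int i = 0; i < n; i++)
        if (m(NULL, pts[i], NULL, MS_REMOUNT | MS_BIND | MS_RDONLY, NULL) != 0)
            return -1;
    return n;
}

/* The check: ST_RDONLY is set in f_flag only if the remount really took.
 * Returns 1 read-only, 0 writable, -1 on error. */
int path_is_readonly(const char *path)
{
    struct statvfs st;
    if (statvfs(path, &st) != 0) return -1;
    return (st.f_flag & ST_RDONLY) ? 1 : 0;
}

/* Dry-run mount_fn (constructed helper): records calls instead of mounting. */
static int dry_n;
static unsigned long dry_flags[MAX_MOUNTS + 1];
static char dry_target[MAX_MOUNTS + 1][PATH_LEN];
int dry_run_mount(const char *src, const char *dst, const char *type,
                  unsigned long flags, const void *data)
{
    (void)src; (void)type; (void)data;
    if (dry_n > MAX_MOUNTS) return -1;
    dry_flags[dry_n] = flags;
    snprintf(dry_target[dry_n], PATH_LEN, "%s", dst);
    dry_n++;
    return 0;
}
int dry_run_count(void) { return dry_n; }
unsigned long dry_run_flags(int i) { return dry_flags[i]; }
const char *dry_run_target(int i) { return dry_target[i]; }

/* Constructed mountinfo: /home bound at /sandbox/home, which picked up a
 * tmpfs submount, plus a sibling mount that merely shares the prefix. */
const char SAMPLE_MOUNTINFO[] =
    "22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "40 22 8:17 / /home rw,relatime - ext4 /dev/sdb1 rw\n"
    "41 40 0:36 / /home/steven/.cache rw,relatime - tmpfs tmpfs rw\n"
    "50 22 8:17 / /sandbox/home rw,relatime - ext4 /dev/sdb1 rw\n"
    "51 50 0:36 / /sandbox/home/steven/.cache rw,relatime - tmpfs tmpfs rw\n"
    "52 22 0:37 / /sandbox/homework rw,relatime - tmpfs tmpfs rw\n";

/* Real use: needs CAP_SYS_ADMIN in the current mount namespace. */
int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s SRC DST\n", argv[0]); return 2; }
    static char info[1 << 16];
    if (bind_recursive(mount, argv[1], argv[2]) != 0) { perror("bind"); return 1; }
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) { perror("mountinfo"); return 1; }
    info[fread(info, 1, sizeof info - 1, f)] = '\0';
    fclose(f);
    if (remount_ro_under(mount, argv[2], info) < 0) { perror("remount"); return 1; }
    printf("%s read-only: %d\n", argv[2], path_is_readonly(argv[2]));
    return 0;
}
```

Run unprivileged, the program fails at the first mount() with EPERM; inside a user namespace with a mount namespace it performs both steps and prints `1` when the check passes. The statvfs() check is the part worth keeping even if the mount code changes: it is what turns a silently ignored flag into a detected failure. Newer kernels (5.12 and later) also provide mount_setattr(2) with AT_RECURSIVE, which applies read-only to a whole subtree in one call; the two-step form above is what works on the kernels discussed in this thread.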