OpenVZ Forum: Devel » Re: [patch 0/8] unprivileged mount syscall

Home » Mailing lists » Devel » Re: [patch 0/8] unprivileged mount syscall

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [patch 0/8] unprivileged mount syscall [message #18107 is a reply to message #18101]

Sat, 07 April 2007 03:40

Eric Van Hensbergen is currently offline

Eric Van Hensbergen
Messages: 3
Registered: January 2007

Junior Member

On 4/6/07, H. Peter Anvin <hpa@zytor.com> wrote:
> Jan Engelhardt wrote:
> > On Apr 6 2007 16:16, H. Peter Anvin wrote:
> >>>> - users can use bind mounts without having to pre-configure them in
> >>>> /etc/fstab
> >>>>
> >> This is by far the biggest concern I see.  I think the security implication of
> >> allowing anyone to do bind mounts are poorly understood.
> >
> > $ whoami
> > miklos
> > $ mount --bind / ~/down_under
> >
> > later that day:
> > # userdel -r miklos
> >
>
> Consider backups, for example.
>

This is the reason why enforcing private namespaces for user mounts
makes sense.  I think it catches many of these corner cases.

          -eric
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers

Report message to a moderator

[Message index]

		Re: [patch 0/8] unprivileged mount syscall By: hpa on Sat, 07 April 2007 00:22
		Re: [patch 0/8] unprivileged mount syscall By: Eric Van Hensbergen on Sat, 07 April 2007 03:40
		Re: [patch 0/8] unprivileged mount syscall By: Miklos Szeredi on Sat, 07 April 2007 06:48

Previous Topic:	Re: [PATCH] net: Add etun driver
Next Topic:	Re: [PATCH] net: Add etun driver

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Mon Oct 06 18:17:30 GMT 2025

Total time taken to generate the page: 0.20531 seconds