Quotes of the week

Posted Feb 28, 2013 19:39 UTC (Thu) by spender (subscriber, #23067)
In reply to: Quotes of the week by michaeljt
Parent article: Quotes of the week

A number of things: the filesystem could intentionally contain suid root binaries, world-readable/writable device files, etc. Additionally, auditing and fixing vulnerabilities in the parsing of filesystems isn't a huge priority among kernel developers (which is one of the reasons why removing the privilege check for user namespaces was extremely premature). It's effectively the same impact as if a bunch of buggy, exploitable system calls were added. You would hope considerable care would be taken in the latter case. This hasn't happened with user namespaces.

-Brad


Quotes of the week

Posted Feb 28, 2013 20:59 UTC (Thu) by michaeljt (subscriber, #39183)

> A number of things: the filesystem could intentionally contain suid root binaries, world-readable/writable device files, etc.

I am assuming (see the thought experiment) that the unprivileged user would not normally have the right to create these files if you leave mounting the file system out of the picture.

Quotes of the week

Posted Feb 28, 2013 21:32 UTC (Thu) by raven667 (subscriber, #5198)

I think the point is that you can't enforce a restriction like that when the user can mount a filesystem of their own creation with their own files and device nodes on it, unless the filesystem is mounted with the nodev,nosuid flags.

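As an added illustration of the nodev/nosuid point (this is example code, not part of any comment in this thread), the Python below parses /proc/self/mountinfo records and reports mounts of user-controllable media that lack either option. Treating loop-backed and FUSE mounts as the "user-controlled" ones is this example's own heuristic, and the sample records are constructed.

```python
"""Audit /proc/self/mountinfo-style records for mounts backed by
user-controllable media (loop images, FUSE) that lack nosuid/nodev.
The loop/FUSE heuristic is an assumption made for this example."""
from dataclasses import dataclass

REQUIRED = {"nosuid", "nodev"}


@dataclass
class Mount:
    mount_point: str
    fstype: str
    source: str
    options: set


def parse_mountinfo(text):
    """Parse the mountinfo format: per-mount options are field 6 before
    the ' - ' separator; fs type, source and super options follow it."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pre, _, post = line.partition(" - ")
        pre_fields, post_fields = pre.split(), post.split()
        if len(pre_fields) < 6 or len(post_fields) < 3:
            continue  # malformed record: skip rather than guess
        opts = set(pre_fields[5].split(",")) | set(post_fields[2].split(","))
        mount_point = pre_fields[4].replace("\\040", " ")  # unescape spaces
        mounts.append(Mount(mount_point, post_fields[0], post_fields[1], opts))
    return mounts


def is_user_controlled(m):
    return m.source.startswith("/dev/loop") or m.fstype.startswith("fuse")


def missing_protections(mounts):
    """Return {mount_point: sorted missing options} for user-controlled mounts."""
    return {m.mount_point: sorted(REQUIRED - m.options)
            for m in mounts if is_user_controlled(m) and REQUIRED - m.options}


# Constructed sample records in /proc/self/mountinfo layout.
SAMPLE = """\
36 35 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
50 36 7:0 / /mnt/image rw,relatime shared:20 - ext4 /dev/loop0 rw
51 36 7:1 / /mnt/safe rw,nosuid,nodev,relatime shared:21 - ext4 /dev/loop1 rw
52 36 0:45 / /home/alice/sshfs rw,nosuid,relatime shared:22 - fuse.sshfs alice@host:/ rw,user_id=1000
"""

if __name__ == "__main__":
    for mp, missing in missing_protections(parse_mountinfo(SAMPLE)).items():
        print(f"{mp}: missing {','.join(missing)}")
```

On a live system, feed it the contents of /proc/self/mountinfo instead of SAMPLE.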
Quotes of the week

Posted Mar 1, 2013 2:09 UTC (Fri) by Trelane (subscriber, #56877)

Why can't user mounts automatically have these options added?

Quotes of the week

Posted Mar 1, 2013 8:50 UTC (Fri) by michaeljt (subscriber, #39183)

> Why can't user mounts automatically have these options added?

As well as restrictions on the allowed groups and users of the files and directories in the mounted file system.

Quotes of the week

Posted Mar 5, 2013 17:40 UTC (Tue) by viro (subscriber, #7872)

nosuid/nodev somewhat reduce the former. The latter, however, is a really serious problem. Especially since it's not just parsing the filesystems - if an attacker creates an image in a regular file, mounts it with -o loop (i.e. sets /dev/loop over it and mounts that) and starts modifying that file right under the nose of fs code... That's one hell of an unpleasant attack surface.

I'm rather sceptical about the whole thing, to be honest - I wouldn't give CAP_SYS_ADMIN in containers to anyone. Not on my damn boxen, TYVM...


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds