|
|
Subscribe / Log in / New account

The mismatched mount mess

The mismatched mount mess

Posted Aug 12, 2018 4:44 UTC (Sun) by viro (subscriber, #7872)
In reply to: The mismatched mount mess by zblaxell
Parent article: The mismatched mount mess

You know, what annoys me about that fsdevel thread is that presumably clued people do not bother to RTFM. Or RTFS. Or directly experiment. FYI: suid/nosuid is mount property. There is nothing to "conflict" - you either pass MS_NOSUID to mount(2), or you do not. Either way, it affects that mount and nothing else. Filesystem itself doesn't know and doesn't care.

All of the above could be found in a couple of minutes by reading through mount(2) or mount(8) and experimenting.
As in,
root@kvm1:~# dd if=/dev/zero of=/tmp/foo bs=1M count=2
2+0 records in
2+0 records out
2097152 bytes (2.1 MB, 2.0 MiB) copied, 0.00372987 s, 562 MB/s
root@kvm1:~# mkfs /tmp/foo
mke2fs 1.44.3 (10-July-2018)
Discarding device blocks: done
Creating filesystem with 2048 1k blocks and 256 inodes

Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done

root@kvm1:~# losetup /dev/loop0 /tmp/foo
root@kvm1:~# mkdir /tmp/a /tmp/b
root@kvm1:~# mount /dev/loop0 /tmp/a
root@kvm1:~# mount /dev/loop0 /tmp/b -o nosuid
root@kvm1:~# cp /usr/bin/whoami /tmp/a/
root@kvm1:~# chown lp /tmp/a/whoami
root@kvm1:~# chmod +s /tmp/a/whoami
root@kvm1:~# /tmp/a/whoami
lp
root@kvm1:~# /tmp/b/whoami
root
root@kvm1:~# umount /tmp/a /tmp/b
root@kvm1:~# losetup -d /dev/loop0
root@kvm1:~# rm -rf /tmp/foo /tmp/a /tmp/b

Two minutes, beginning to end. Sigh...

to post comments

The mismatched mount mess

Posted Aug 12, 2018 5:01 UTC (Sun) by viro (subscriber, #7872) [Link] (1 responses)

... and if you are asking if previous mounts would for some reason affect the suid/nosuid state on subsequent ones, the answer is (a) no; (b) check and see.

Incidentally, the worst part of cross-namespace sharing of mounts is not just the fs-level mount options being ignored rather than having mount(2) fail on their mismatch. The real nastiness comes from mount -o remount done in one place and affecting every mount of that sucker. The mount-level options (nosuid among them) are not an issue - they won't do anything to other mounts. Per-fs ones bloody well will. And no, we really can't make each option per-mount - I dare you to try and handle the things like -o errors=panic or -o errors=remount-ro on per-mountpoint basis; good luck propagating the "originating" mount towards each ext4_error() in there. Especially fun when it comes to errors on e.g. writeback. Or -o data=... for the same ext4...

The mismatched mount mess

Posted Aug 12, 2018 5:28 UTC (Sun) by bof (subscriber, #110741) [Link]

wrt. the fs-level shared mount options - does the shared data for that "know" how often the thing is mounted? If that is the case, maybe a general approach of only permitting change (on remount or additional mount) if it's not mounted more than once already, would work?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds