From: Richard Weinberger
Date: Fri, 22 Dec 2017 22:06:13 +0100
Subject: Re: [PATCH 02/11] mtd: Check permissions towards mtd block device inode when mounting
To: Dongsu Park
Cc: LKML, Miklos Szeredi, Linux Containers, Seth Forshee, Alban Crequy, "Eric W . Biederman", Sargun Dhillon, "linux-mtd@lists.infradead.org"
In-Reply-To: <945d325a2239efcd55273abb2bac41cfc7264fea.1512041070.git.dongsu@kinvolk.io>

Dongsu,

On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park wrote:
> From: Seth Forshee
>
> Unprivileged users should not be able to mount mtd block devices
> when they lack sufficient privileges towards the block device
> inode. Update mount_mtd() to validate that the user has the
> required access to the inode at the specified path. The check
> will be skipped for CAP_SYS_ADMIN, so privileged mounts will
> continue working as before.

What is the big picture of this?
Can in future an unprivileged user just mount UBIFS?
Please note that UBIFS sits on top of a character device and not a
block device.

--
Thanks,
//richard