Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262442AbVEMRP0 (ORCPT ); Fri, 13 May 2005 13:15:26 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262441AbVEMRP0 (ORCPT ); Fri, 13 May 2005 13:15:26 -0400 Received: from rev.193.226.232.93.euroweb.hu ([193.226.232.93]:30982 "EHLO dorka.pomaz.szeredi.hu") by vger.kernel.org with ESMTP id S262442AbVEMROx (ORCPT ); Fri, 13 May 2005 13:14:53 -0400 To: linuxram@us.ibm.com CC: jamie@shareable.org, ericvh@gmail.com, 7eggert@gmx.de, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, smfrench@austin.rr.com, hch@infradead.org In-reply-to: <1116003238.6248.367.camel@localhost> (message from Ram on Fri, 13 May 2005 09:53:58 -0700) Subject: Re: [RCF] [PATCH] unprivileged mount/umount References: <20050511170700.GC2141@mail.shareable.org> <1115840139.6248.181.camel@localhost> <20050511212810.GD5093@mail.shareable.org> <1115851333.6248.225.camel@localhost> <20050512010215.GB8457@mail.shareable.org> <20050512064514.GA12315@mail.shareable.org> <20050512151631.GA16310@mail.shareable.org> <1115946620.6248.299.camel@localhost> <1115969123.6248.336.camel@localhost> <1115974780.6248.346.camel@localhost> <1116003238.6248.367.camel@localhost> Message-Id: From: Miklos Szeredi Date: Fri, 13 May 2005 19:14:02 +0200 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1129 Lines: 31 > > > dentry = file->f_dentry; > > > mnt = file->f_vfsmnt; > > > inode = dentry->d_inode; > > > + if(mnt->mnt_namespace != current->namespace) > > > + goto out_putf; > > > > > > error = -ENOTDIR; > > > if (!S_ISDIR(inode->i_mode)) > > > > > > > Does this actually fix the problem? The open is done in the right > > namespace, and mount() doesn't call open(). > > Right but this fix disallows fchdir into a directory belonging to > a different namespace. And hence would disallow the ability to > cross mount across namespaces. Ahh, sorry. I thought that check was in open(), but I see now it's in fchdir(). Next time please use '-p' option of diff, to avoid confusing thoughtless readers like me :) Though your patch does fix the bug, I still think it's wrong, since mounting from a different namespace has legitimate uses, and is not a security problem. Miklos - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/