
Re: user can't mount loop device...



On Sat, Jan 20, 2001 at 07:06:48PM +0100, Marcin Owsiany wrote:
> On Sat, Jan 20, 2001 at 05:52:06PM +0100, Marcus Brinkmann wrote:
> > On Fri, Jan 19, 2001 at 03:05:16PM -0500, Daniel Jacobowitz wrote:
> > > What no one has mentioned is that users absolutely MUST NOT be allowed
> > > to run losetup (or mount, which would also be necessary).  It's a file
> > > image.  It can, for instance, contain suid binaries, not owned by the
> > > user.  That's easy to make - see debugfs.
> > 
> > The Hurd wins again.
> 
> Oh, please, don't make Hurd so mysterious (*grin*), tell us how
> it copes with that?

You can try it out yourself and see :)

The reason is that authentication can be handled in a superior way:
filesystems live as user space programs, and permissions are not leaked to
the parent processes (so if you run a filesystem as user joe, you can't get
more permissions than user joe can get, regardless of the filesystem's
content).

It goes even further: You can boot a new (sub)hurd system from within a disk
image owned by you. In this sub-system, you appear to be the user root (and
every user you want to be). But still no permissions leak to the parent
Hurd.

Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de
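Daniel's point above is that a user-supplied disk image is untrusted content: once it is mounted, any setuid binary it carries is honoured by the kernel unless the mount is marked nosuid. The following is an added example, not code from this thread or from the Hurd project, of the two checks an administrator would run on a Linux host before trusting such a mount: confirm the mount options include nosuid and nodev, and enumerate setuid/setgid files on the mounted tree. The mount-table lines, the /mnt/img path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): defender-side checks for a mounted
# user-supplied image. All sample paths and mount-table lines are constructed.

# Count regular files with the setuid or setgid bit under DIR. -xdev keeps
# find on the mounted image's own filesystem so nothing outside it is counted.
count_setuid_setgid() {
    dir=$1
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null \
        | wc -l | tr -d ' '
}

# Same search, but print owner, group, mode and path for the audit log.
# Uses GNU find's -printf (assumed available).
list_setuid_setgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%u %g %m %p\n' 2>/dev/null
}

# Given one line in /proc/self/mounts format
# ("source target fstype options dump pass"), succeed if OPT is one of the
# comma-separated mount options (field 4).
line_has_mount_opt() {
    line=$1
    opt=$2
    opts=$(printf '%s\n' "$line" | awk '{print $4}')
    case ",$opts," in
        *",$opt,"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Look MOUNTPOINT up in the live mount table and require nosuid and nodev.
# Returns 2 if the mount point is not mounted at all.
mount_is_hardened() {
    mp=$1
    line=$(awk -v m="$mp" '$2 == m' /proc/self/mounts 2>/dev/null | tail -n 1)
    [ -n "$line" ] || return 2
    line_has_mount_opt "$line" nosuid && line_has_mount_opt "$line" nodev
}

# Constructed mount-table lines: a hardened loop mount and a permissive one.
SAMPLE_OK='/dev/loop0 /mnt/img ext2 ro,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_BAD='/dev/loop0 /mnt/img ext2 rw,relatime 0 0'

# Full audit of an already-mounted image: both checks must pass.
audit_mount() {
    mp=$1
    status=0
    if mount_is_hardened "$mp"; then
        echo "ok: $mp mounted nosuid,nodev"
    else
        echo "WARN: $mp lacks nosuid/nodev (or is not mounted)"
        status=1
    fi
    n=$(count_setuid_setgid "$mp")
    if [ "$n" -gt 0 ]; then
        echo "WARN: $n setuid/setgid file(s) under $mp:"
        list_setuid_setgid "$mp"
        status=1
    else
        echo "ok: no setuid/setgid files under $mp"
    fi
    return $status
}

# Usage: ./audit.sh /mnt/img   (constructed example mount point)
if [ "$#" -eq 1 ]; then
    audit_mount "$1"
fi
```

The option check matches whole options between commas, so `nosuid` is not confused with an option that merely contains that string, and the file scan counts the setgid bit as well, since a setgid binary owned by a privileged group carries the same risk as a setuid one.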


