On Sat, Jan 20, 2001 at 07:06:48PM +0100, Marcin Owsiany wrote:
> On Sat, Jan 20, 2001 at 05:52:06PM +0100, Marcus Brinkmann wrote:
> > On Fri, Jan 19, 2001 at 03:05:16PM -0500, Daniel Jacobowitz wrote:
> > > What no one has mentioned is that users absolutely MUST NOT be allowed
> > > to run losetup (or mount, which would also be necessary). It's a file
> > > image. It can, for instance, contain suid binaries, not owned by the
> > > user. That's easy to make - see debugfs.
> >
> > The Hurd wins again.
>
> Oh, please, don't make Hurd so mysterious (*grin*), tell us how
> it copes with that?

The reason that Linux, and other monolithic kernels, do not allow users to
mount filesystems is that a bad filesystem can crash the kernel. In the
Hurd, all of these pieces of the system live outside of the kernel and run
as the user that starts them. If a user has access to a node, e.g.
$HOME/fs-image, they can translate it into the file system:

    # cd
    # settrans -ac fs /hurd/ext2fs fs-image
    # cd fs
    # ls
    file1 file2 dir1
    # pwd
    /home/neal/fs

If the translator were to die due to a faulty image or for any other
reason, it would effectively receive a SIGSEGV and die like any other user
space program.
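The concrete risk Daniel raises above is that a user-supplied file image can carry setuid binaries (or device nodes) that become live once the image is mounted without nosuid/nodev. The script below is an added example, not part of this thread or of any Hurd or Linux tool: it audits a directory tree standing in for a mounted image and reports those objects. The sample tree it builds for its self-demo is constructed here; the function names are the author's own choices.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a directory tree, such as
# a loop-mounted filesystem image, for the objects that make user-controlled
# losetup/mount dangerous on Linux: setuid/setgid files and device nodes.
# Uses only POSIX find/test, so it runs on a Linux or BSD userland.

# Print every setuid or setgid regular file below the given directory.
list_suid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Print every block or character device node below the given directory.
list_device_nodes() {
    find "$1" \( -type b -o -type c \) 2>/dev/null
}

# Report findings; return 0 if the tree is clean, 1 if anything was found.
audit_image_tree() {
    dir=$1
    suid=$(list_suid_files "$dir")
    devs=$(list_device_nodes "$dir")
    [ -n "$suid" ] && printf 'setuid/setgid files (would run with the file owner'"'"'s uid):\n%s\n' "$suid"
    [ -n "$devs" ] && printf 'device nodes (direct hardware/disk access if mounted without nodev):\n%s\n' "$devs"
    [ -z "$suid" ] && [ -z "$devs" ]
}

# Build a constructed sample tree (not real data) that mimics an image which
# carries one setuid helper; any user can set the setuid bit on their own files,
# which is exactly why the bit must be ignored on untrusted mounts.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/home"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/helper"
    chmod 4755 "$d/bin/helper"           # setuid bit set
    printf 'notes\n' > "$d/home/readme"  # harmless regular file
    echo "$d"
}

# Usage: sh audit_image.sh /path/to/mounted/image   (audits that tree)
#        sh audit_image.sh --demo                   (audits the sample tree)
if [ "${1:-}" = "--demo" ]; then
    demo=$(make_sample_tree)
    audit_image_tree "$demo"
    echo "audit exit status: $?"
    rm -rf "$demo"
elif [ $# -gt 0 ]; then
    audit_image_tree "$1"
fi
```

A clean result from this script is necessary but not sufficient: the kernel-side parsing risk that the reply describes is independent of the image contents, which is why Linux restricts mount/losetup to root and why user-mountable entries in fstab rely on nosuid and nodev.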