
Re: A Hurd user can mount loop device...



Previously Neal H Walfield wrote:
> The reason that Linux, and other monolithic kernels, do not allow users
> to mount filesystems is that a bad filesystem can crash the kernel.

No, you're completely missing the point. What you mean is loading
filesystem drivers, i.e. adding new code to the kernel. That is a
completely different thing than mounting a filesystem.

Allowing an arbitrary untrusted user to mount an arbitrary untrusted
filesystem is *bad* from a security perspective: it would be trivial
for the user to create a filesystem image with suid binaries, devices
with lax permissions, etc.

The difference here that makes the HURD safe is that the HURD `runs'
the filesystem as a user(space) process, so mounting a filesystem
can't give the user extra privileges through the data in it.

Wichert.


-- 
  _________________________________________________________________
 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@cistron.nl                  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
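As an added example (not part of Wichert's message or of the thread), a defender's check for the two hazards named above: a Python audit that walks a mounted or extracted image and reports set-uid/set-gid executables and device nodes, which is exactly what the nosuid and nodev mount options neutralise on a kernel that mounts the image itself. The sample tree, its paths and the function names are constructed for the demonstration.

```python
"""Audit a mounted (or extracted) filesystem tree for the objects an
untrusted image can use to gain privilege if it is mounted without
nosuid/nodev: set-uid/set-gid executables and device nodes."""
import os
import stat
import tempfile


def classify_mode(mode: int) -> list[str]:
    """Return the privilege-relevant findings for one st_mode value."""
    findings = []
    if stat.S_ISCHR(mode):
        findings.append("char-device")
    elif stat.S_ISBLK(mode):
        findings.append("block-device")
    elif stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            findings.append("setuid")
        # setgid without group-exec is mandatory locking, not a privilege
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            findings.append("setgid")
    return findings


def audit_tree(root: str) -> dict[str, list[str]]:
    """Walk `root` and map each offending path (relative to root) to
    its findings. lstat is used so a symlink never counts as its target."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # vanished or unreadable entry: skip, do not crash
            hits = classify_mode(st.st_mode)
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report


def demo() -> dict[str, list[str]]:
    """Constructed sample tree: one set-uid script next to a harmless file."""
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "bin"))
        helper = os.path.join(tmp, "bin", "helper")
        with open(helper, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(helper, 0o4755)  # the set-uid bit an image author controls
        with open(os.path.join(tmp, "README"), "w") as f:
            f.write("harmless\n")
        return audit_tree(tmp)
```

Device nodes cannot be created by an unprivileged user for the demo, so the classifier is exercised on raw mode values instead; run audit_tree on a real mount point (or a loop-mounted image) to see both kinds of findings.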
