Re: user can't mount loop device...
On Sat, Jan 20, 2001 at 08:23:27PM +0100, Tollef Fog Heen wrote:
> * Goswin Brederlow
>
> | From man mount:
> | user Allow an ordinary user to mount the file
> | system. This option implies the options
> | noexec, nosuid, and nodev (unless overridden
> | by subsequent options, as in the option line
> | user,exec,dev,suid).
> |
> | So user or users is enough. You might want to allow executables
> | though.
>
> noexec is very weak on linux anyhow:
>
> $ ~/bin/hello
> bash: /home/tfheen/bin/hello: Permission denied
> $ /lib/ld-linux.so.2 ~/bin/hello
> Hello, world!
> $ mount | grep home
> /dev/ide/host0/bus0/target0/lun0/part3 on /home type ext2 (rw,noexec)
> $

They could always just copy the binary to their home directory and run it
from there. The important point is that if the original had any special
attributes (setuid, setgid, capabilities, etc.) these are not passed on since
they are lost in the copy and the loader does not handle them.

It does protect a system from unsafe filesystems on swappable media. That's all
it was supposed to do.

Martijn
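
An added example, not part of the original message or of mount itself: a small audit that applies the man page rule quoted above (user implies noexec, nosuid and nodev unless overridden by later options) to fstab entries and reports user-mountable filesystems that end up with suid or dev enabled. The sample fstab is constructed, the function names are hypothetical, and only the options named in the code are modeled.

```python
# Constructed sample fstab (not from the original thread).
SAMPLE_FSTAB = """\
# <device>     <mountpoint> <type>  <options>               <dump> <pass>
/dev/hda3      /home        ext2    rw,noexec               0 2
/dev/fd0       /floppy      auto    user,noauto             0 0
/dev/cdrom     /cdrom       iso9660 ro,user,noauto,exec     0 0
/tmp/disk.img  /mnt/img     ext2    loop,user,exec,dev,suid 0 0
/dev/sda1      /mnt/usb     vfat    suid,users,noauto       0 0
"""

def effective_flags(options):
    """Resolve exec/suid/dev left to right, as mount does with its option line."""
    flags = {"user": False, "exec": True, "suid": True, "dev": True}
    for opt in options.split(","):
        if opt in ("user", "users"):
            # Implies noexec, nosuid, nodev; later options may override.
            flags.update({"user": True, "exec": False, "suid": False, "dev": False})
        elif opt == "defaults":
            # defaults includes suid, dev, exec and nouser.
            flags.update({"user": False, "exec": True, "suid": True, "dev": True})
        elif opt == "nouser":
            flags["user"] = False
        elif opt in ("exec", "suid", "dev"):
            flags[opt] = True
        elif opt in ("noexec", "nosuid", "nodev"):
            flags[opt[2:]] = False
    return flags

def audit(fstab_text):
    """Return (mountpoint, [risky flags]) for user-mountable entries that
    still honour setuid bits or device nodes on the mounted filesystem."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        flags = effective_flags(fields[3])
        risky = [name for name in ("suid", "dev") if flags[name]]
        if flags["user"] and risky:
            findings.append((fields[1], risky))
    return findings

if __name__ == "__main__":
    for mountpoint, risky in audit(SAMPLE_FSTAB):
        print(f"{mountpoint}: user-mountable with {', '.join(risky)} enabled")
```

exec is deliberately not reported, since the thread's point is that noexec is easy to sidestep while nosuid and nodev carry the actual protection.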