Gentoo Archives: gentoo-hardened

From: Joshua Brindle <method@g.o>
To: Gavin <gavin@××××.com>
Cc: gentoo-hardened@l.g.o, Herbert Poetzl <herbert@×××××××××.at>
Subject: Re: [gentoo-hardened] Request for Consideration: Kernel Patch to Improve Security for Bind Mounts
Date: Wed, 18 Aug 2004 17:33:58
Message-Id: 412392E8.70006@gentoo.org
In Reply to: [gentoo-hardened] Request for Consideration: Kernel Patch to Improve Security for Bind Mounts by Gavin
AFAIK we had this at one time (at least read only binds which was made
by albiero) whatever happened to that?

Joshua Brindle


Gavin wrote:

> Greetings,
>
> Currently, none of the Linux kernels available for Gentoo honor some of the mount options (e.g. read-only), when using bind-type mounts (e.g. "mount --bind .."). Instead, these options are silently ignored (e.g. granting write access when read-only was requested).
>
> May I recommend this important patch for consideration in hardened-*sources?
>
> Herbert Poetzl's patch offers:
> o readonly bind mounts
> o ro truncate handling for (f)chown, (f)chmod handling
> o ro utime(s) handling
> o ro access and *_ioctl
> o added noatime and nodiratime
> o made autofs4 update_atime uncond
>
> Cheers,
> Gavin
>
> ----- Original Message -----
> From: "Herbert Poetzl" <herbert@×××××××××.at>
> To: <linux-kernel@×××××××××××.org>
> Sent: Wednesday, August 18, 2004 5:51 AM
> Subject: [PATCH] Bind Mount Extensions 0.05
>
>
>
>>Greetings!
>>
>>The following patch extends the 'noatime', 'nodiratime' and
>>last but not least the 'ro' (read only) mount option to the
>>vfs --bind mounts, allowing them to behave like any other
>>mount, by honoring those mount flags (which are silently
>>ignored by the current implementation in 2.4.x and 2.6.x)
>>
>>I don't want to pollute your mailbox with useless patches,
>>so for those who are interested in this stuff, get them
>>here (for 2.4.27 and 2.6.8.1)
>>
>> http://www.13thfloor.at/patches/
>>
>>many thanks to Willy Tarreau for spotting the bug in the
>>previous bme0.04 for linux 2.4.x.
>>
>>enjoy,
>>Herbert
>>
>
>
> --
> gentoo-hardened@g.o mailing list
>
>


--
gentoo-hardened@g.o mailing list
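The failure mode the thread describes is a "ro" that was requested but never took effect on a bind mount. An added audit script (not part of the thread or of Herbert Poetzl's patch) that reads the kernel's own view in /proc/self/mountinfo, where a bind mount's "ro" is a per-mount flag (field 6) distinct from the superblock options after the " - " separator; the mountinfo sample below is constructed, and the mount point names in it are made up:

```shell
#!/bin/sh
# Report whether a mount point is effectively read-only by inspecting mountinfo.
# A bind mount is read-only if "ro" is among its per-mount options (field 6)
# or if the underlying superblock itself is read-only (last field after " - ").
# Constructed sample in the proc(5) mountinfo format, not taken from a real host:
SAMPLE_MOUNTINFO='26 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
40 26 8:1 /srv/data /mnt/data rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
41 26 8:1 /srv/conf /mnt/conf ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro
42 26 8:2 / /mnt/cdrom rw,relatime - iso9660 /dev/sr0 ro'

# mount_is_ro MOUNTINFO_TEXT MOUNTPOINT
# Prints "ro" or "rw" for the mount point; exits 1 if it is not mounted at all.
mount_is_ro() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $5 == mp {
            found = 1
            # per-mount options: these are the flags a bind mount carries itself
            n = split($6, per, ",")
            for (i = 1; i <= n; i++) if (per[i] == "ro") { print "ro"; exit }
            # superblock options sit three fields after the "-" separator
            # (optional tagged fields may precede it, so locate it by value)
            for (i = 7; i <= NF; i++) if ($i == "-") { sb = $(i + 3); break }
            n = split(sb, sbo, ",")
            for (i = 1; i <= n; i++) if (sbo[i] == "ro") { print "ro"; exit }
            print "rw"; exit
        }
        END { if (!found) exit 1 }'
}

# check_mountpoint MOUNTPOINT: same check against the live kernel table.
# Needs no root; /proc/self/mountinfo is readable by the calling user.
check_mountpoint() {
    mount_is_ro "$(cat /proc/self/mountinfo)" "$1"
}

if [ -n "${1:-}" ]; then
    check_mountpoint "$1"
fi
```

On later kernels that do honor read-only binds, the flag is set in a second step (mount --bind SRC DST; mount -o remount,bind,ro DST), and this check confirms that the remount actually took rather than trusting the command's silence.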
