Friday, June 25, 2021

Re: mount(8) security and symlink(7)

> Probably because testing for the situation would be an unreliable
> race. BTW, you explain the ssh behaviour incorrectly. It does not
> warn. It fails, and refuses to continue. Failure is not permitted
> for the mount system call in this circumstance, and the entire path
> upwards cannot be verified atomically. A racy warning also requires
> warning to stderr. There are lots of complex considereations to your
> handwavy propose.

i would think the mount(8) command could examine each node of the path
before the actual mount point and check that they are owned root:wheel
and o-w. only root and wheel could run the race then.

as for the mount(2) system call, no one makes a boo boo in C, right?

No comments:

Post a Comment