Re: [PATCH v3 0/7] User namespace mount updates
From: Al Viro <viro@ZenIV.linux.org.uk>
Date: 2015-11-17 21:05:42
Also in:
dm-devel, linux-bcache, linux-fsdevel, lkml, selinux
From: Al Viro <viro@ZenIV.linux.org.uk>
Date: 2015-11-17 21:05:42
Also in:
dm-devel, linux-bcache, linux-fsdevel, lkml, selinux
On Tue, Nov 17, 2015 at 03:39:16PM -0500, Austin S Hemmelgarn wrote:
quoted
This is absolutely insane, no matter how much LSM snake oil you slatter on the whole thing. All of a sudden you are exposing a huge attack surface in the place where it would hurt most and as the consolation we are offered basically "Ted is willing to fix holes when they are found".For the context of static image attacks, anything that's found _needs_ to be fixed regardless, and unless you can find some way to actually prevent attacks on mounted filesystems that doesn't involve a complete re-write of the filesystem drivers, then there's not much we can do about it. Yes, unprivileged mounts expose an attack surface, but so does userspace access to the network stack, and so do a lot of other features that are considered essential in a modern general purpose operating system.
"X is exposes an attack surface. Y exposes a diferent attack surface. Y is considered important. Therefore X is important enough to implement it" Right...