From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alexander Viro
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Private Namespaces for Linux
In-Reply-To: <20011120224044.77D38199FA@mail.cse.psu.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Tue, 20 Nov 2001 18:29:01 -0500
Topicbox-Message-UUID: 25d56680-eaca-11e9-9e20-41e7f4b1d025

On Tue, 20 Nov 2001, David Gordon Hogan wrote:

> Just out of curiosity, how does the Linux ``namespaces''
> implementation handle the many juicy attacks possible
> against set-uid programs?  Do set-uid programs get
> thrown into a default namespace?

Keep in mind that currently mount(2) is still very seriously
restricted - there will be a lot of work on userland before we will
be able to lift these restrictions.  Ideally we should be able to get
rid of setuid - it is doable, but will take quite a while.

For a lot of uses even root-only mount(2) combined with per-process
namespaces (new flag to clone(2) equivalent to RF_NAMEG and usual
semantics on exit(2)) gives much more than possible with traditional
Unices.

Another thing being, nosuid is per-mountpoint.  I.e. you can have the
same fs mounted with nosuid in some namespaces and without - in other.

It will certainly take a lot of work to clean the userland up - there
will be a long transition.  OTOH, these cleanups are needed anyway.
That's actually one of the reasons why 9pfs is so interesting - it
would simplify quite a few of these issues.
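The per-mountpoint nosuid behaviour described in the message can be audited on a present-day Linux system by comparing the per-mount options that two processes see for the same device. The following is an added example, not part of the original message or of any kernel code; it assumes the modern /proc/<pid>/mountinfo format, and the function names and sample lines are constructed for illustration.

```c
/* Added example (not from the original message); sample data is constructed.
 * mountinfo fields: 3 = device (major:minor), 5 = mount point,
 * 6 = per-mount options. */
#include <stdio.h>
#include <string.h>

/* Returns 1 if nosuid is set on this mount, 0 if not, -1 if malformed. */
static int parse_mount(const char *line, char dev[16], char mnt[256]) {
    char opts[256];
    if (sscanf(line, "%*d %*d %15s %*s %255s %255s", dev, mnt, opts) != 3)
        return -1;
    for (char *t = strtok(opts, ","); t; t = strtok(NULL, ","))
        if (strcmp(t, "nosuid") == 0) return 1;
    return 0;
}

/* Copy one line of s into buf; return the start of the next line. */
static const char *take_line(const char *s, char *buf, size_t len) {
    size_t n = strcspn(s, "\n"), c = n < len ? n : len - 1;
    memcpy(buf, s, c);
    buf[c] = '\0';
    return s[n] ? s + n + 1 : s + n;
}

/* Count same-device mount pairs whose nosuid flag differs across namespaces. */
static int nosuid_mismatches(const char *ns_a, const char *ns_b) {
    char la[512], lb[512], da[16], db[16], ma[256], mb[256];
    int n = 0;
    for (const char *a = ns_a; *a; ) {
        a = take_line(a, la, sizeof la);
        int fa = parse_mount(la, da, ma);
        for (const char *b = ns_b; fa >= 0 && *b; ) {
            b = take_line(b, lb, sizeof lb);
            int fb = parse_mount(lb, db, mb);
            if (fb >= 0 && fb != fa && strcmp(da, db) == 0) {
                printf("%s: nosuid=%d at %s, nosuid=%d at %s\n", da, fa, ma, fb, mb);
                n++;
            }
        }
    }
    return n;
}

/* Constructed sample: filesystem 8:3 as seen from two namespaces. */
static const char NS_A[] = "23 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
                           "41 23 8:3 / /home rw,nosuid,nodev - ext4 /dev/sda3 rw\n";
static const char NS_B[] = "88 87 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
                           "90 88 8:3 / /home rw,nodev - ext4 /dev/sda3 rw\n";
int main(void) { return nosuid_mismatches(NS_A, NS_B) == 1 ? 0 : 1; }
```

On a live system the two inputs would be the contents of /proc/<pid>/mountinfo read for one process in each namespace.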