Comment 2 for bug 519380

Stephane Chazelas (stephane-chazelas) wrote : Re: [Bug 519380] Re: remounts don't work with mountall

2010-02-09 18:02:32 -0000, Johan Kiviniemi:
> It seems to me the correct fstab entry would look like
>
> /here /there none bind,noexec
>
> mount needs to be modified to handle that, though.

Yes, agreed, see:

http://article.gmane.org/gmane.linux.utilities.util-linux-ng/2979

raised today.

> There’s also a race condition in mounting something without noexec and
> then adding the flag with remount.

Yes, though you'd have the same condition (though shorter) if
mount(8) were modified as you need 2 mount(2) system calls
anyway.

> A mount that needs to be noexec for
> whatever reason isn’t for a short period.

Yes, but here we're talking of /etc/fstab which (unless noauto
is also passed, which is not really our concern here as we're
discussing mountall), this is gonna happen before anybody can
log in and exploit the race condition.

In my case, I'm actually doing a mount --bind /here /here and
I'm concerned with suid files. /here contains file systems
trees meant to be mounted as root file systems by other hosts
over NFS, I want local users to be able to access the images for
reading, but I don't want suid files as they could potentially
be exploited.

> Not that it’s likely to cause a problem, but that’s an indicator
> something’s not right with the method.

I agree, but at the moment, I didn't have any way around that
(other than adding an init script that mounts those separately),
and it used to work, so it's a regression.

I've now found not too bad a work around: have a
/sbin/mount.bind like:

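#! /bin/sh -x
# Invoked by mount(8) as: mount.bind <source> <mount point> [-o <options>]
[ "$#" -ge 2 ] || exit
dev=$1 mount_point=$2; shift 2
# First step: the plain bind mount (-i: do not call a /sbin/mount.<type> helper)
/bin/mount -i --bind -- "$dev" "$mount_point" || exit
# No options were passed: nothing left to do
[ "$1" != "-o" ] && exit
# Second step: remount to apply the fstab options (e.g. noexec)
exec /bin/mount -i -o remount "$@" "$mount_point"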

and then:

/here /there bind noexec 0 0

in fstab

Of course, /sbin/mount.bind being a shell script, you don't want
to add the "user" option to the script, but that script could be
written in a safer language, you get the idea.

--
Stephane
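
A way to confirm that the remount step actually took effect on a bind mount, which is the failure this bug is about. This is an added example, not part of the original comment; the function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the per-mount flags of a mount point.
# In /proc/self/mountinfo, field 5 is the mount point and field 6 holds the
# per-mount options, which is where nosuid/noexec of a bind mount show up.
# Limitation: mount points containing spaces (\040 in mountinfo) are not handled.

# mount_has_flags MOUNTPOINT FLAGS [MOUNTINFO]
#   FLAGS is a comma-separated list. MOUNTINFO defaults to the live file;
#   pass "-" to read it from stdin.
#   Returns 0 if every flag is set on the topmost mount at MOUNTPOINT,
#   1 if at least one flag is missing, 2 if nothing is mounted there.
mount_has_flags() {
    awk -v mp="$1" -v want="$2" '
        $5 == mp { opts = $6; found = 1 }   # a later line shadows earlier ones
        END {
            if (!found) exit 2
            n = split(want, w, ",")
            split(opts, o, ",")
            for (i in o) have[o[i]] = 1
            for (i = 1; i <= n; i++) if (!(w[i] in have)) exit 1
            exit 0
        }' "${3:-/proc/self/mountinfo}"
}

# Constructed sample: /there is a bind mount whose remount never happened
# (no noexec), /here is a bind mount that did get nosuid,noexec.
sample_mountinfo() {
    cat <<'EOF'
25 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 25 8:1 /here /there rw,relatime - ext4 /dev/sda1 rw
41 25 8:1 /here /here rw,nosuid,noexec,relatime - ext4 /dev/sda1 rw
EOF
}
```

On a live system, `mount_has_flags /there noexec || echo "noexec missing on /there"` can be run after boot to catch the case where only the first of the two mount steps was applied.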