The security bug hunter halfdog kindly invited me here.
These 6 patches using the mounter's cred are an interesting approach, but I have a question.
- mount(2) requires CAP_SYS_ADMIN only. CAP_CHOWN is not necessary.
- the internal copy-up requires CAP_CHOWN. CAP_DAC_OVERRIDE, CAP_FOWNER, CAP_FSETID, CAP_CHOWN, and CAP_MKNOD.
When the mounter doesn't have CAP_CHOWN and others, can a user open the file which is owned by another user?
Unfortunately my machine environment doesn't allow me to test it by myself.