Unprivileged filesystem mounts
Kent Overstreet
kent.overstreet at linux.dev
Tue Mar 11 17:43:36 UTC 2025

On Tue, Mar 11, 2025 at 05:36:00PM +0000, Al Viro wrote:
> On Tue, Mar 11, 2025 at 12:01:48PM +0100, Christian Brauner wrote:
>
> > The case where arbitrary devices stuck into a laptop (e.g., USB sticks)
> > are mounted isn't solved by making a filesystem mountable unprivileged.
> > The mounted device cannot show up in the global mount namespace
> > somewhere since the user doesn't own the initial mount+user namespace.
> > So it's pointless. In other words, there's filesystem level checks and
> > mount namespace based checks. Circumventing that restriction means that
> > any user can just mount the device at any location in the global mount
> > namespace and therefore simply overmount other stuff.
>
> Note that "untrusted contents" is not the worst thing you can run into -
> it can be content changing behind your back. I seriously doubt that
> anyone fuzzes for that kind of crap (and no, it's not an invitation to
> start). I seriously doubt that there's any local filesystem that would
> be resilient to that...

Given network block devices (more common with cloud stuff these days),
it's not a totally unreasonable thing to want to be secure against.
I'd love to see someone attack bcachefs that way - in a few more years :)
More information about the Linux-security-module-archive
mailing list