oss-sec mailing list archives
Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts
From: Daniel Micay <danielmicay () gmail com>
Date: Thu, 26 Feb 2015 14:58:17 -0500
The commit adding this in 2.6.26 did actually document the weird behaviour, so I guess it's just "by design". Users of the API like LXC, Docker and systemd would likely have to iterate over /proc/self/mounts and remount everything due to the way MS_REC works. Anyway, there's clearly something wrong here when containers are claiming to have a read-only mount feature but writes to the directory tree aren't prevented...
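The check implied above, as an added example that is not part of the original post: a small C routine that walks the contents of /proc/self/mounts and lists every mount point under a bind-mounted tree whose options do not actually contain "ro", which is exactly the set a container runtime would still have to remount with MS_REMOUNT|MS_BIND|MS_RDONLY. The sample mount table embedded below is constructed for illustration, not taken from a real system.

```c
#include <stdio.h>
#include <string.h>
/* Constructed /proc/self/mounts contents (not a real system); each line is
 * "<src> <mountpoint> <fstype> <options> 0 0" with spaces in paths as \040.
 * /srv/app was bind-mounted MS_REC|MS_RDONLY, yet only /srv/app/data shows "ro". */
static const char *SAMPLE_MOUNTS =
    "/dev/sda1 / ext4 rw,relatime 0 0\n"
    "/dev/sda1 /srv/app ext4 rw,relatime 0 0\n"
    "tmpfs /srv/app/tmp tmpfs rw,nosuid 0 0\n"
    "/dev/sdb1 /srv/app/data ext4 ro,relatime 0 0\n"
    "proc /proc proc rw,nosuid,nodev,noexec 0 0\n";
static int has_ro_option(const char *opts) { /* exact token "ro" only */
    for (const char *p = opts; *p; ) {
        size_t len = strcspn(p, ",");
        if (len == 2 && strncmp(p, "ro", 2) == 0) return 1;
        p += len + (p[len] == ',');
    }
    return 0;
}
static int under_root(const char *path, const char *root) { /* "/" matches all */
    size_t rl = strlen(root);
    if (rl == 1 && root[0] == '/') return 1;
    return strncmp(path, root, rl) == 0 && (path[rl] == '\0' || path[rl] == '/');
}
/* Lists mount points under root whose options lack "ro"; each one still needs
 * mount(NULL, mnt, NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL) to become read-only.
 * Copies up to max paths into out (may be NULL); returns the total number found. */
int writable_mounts_under(const char *mounts, const char *root, char out[][256], int max) {
    int found = 0;
    for (const char *line = mounts; *line; ) {
        char buf[1024], src[256], mnt[256], fs[64], opts[256];
        size_t len = strcspn(line, "\n");
        snprintf(buf, sizeof buf, "%.*s", (int)len, line); /* one NUL-terminated line */
        if (sscanf(buf, "%255s %255s %63s %255s", src, mnt, fs, opts) == 4 &&
            under_root(mnt, root) && !has_ro_option(opts)) {
            if (out && found < max) strcpy(out[found], mnt);
            found++;
        }
        line += len + (line[len] == '\n');
    }
    return found;
}
int main(void) {
    char out[16][256];
    int n = writable_mounts_under(SAMPLE_MOUNTS, "/srv/app", out, 16);
    for (int i = 0; i < n && i < 16; i++) printf("needs ro remount: %s\n", out[i]);
    return 0;
}
```

Run it as root against the real file by reading /proc/self/mounts into a buffer in place of SAMPLE_MOUNTS; an empty result after the bind mount is the only state in which the "read-only" claim holds.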