oss-sec mailing list archives

Re: CVE request: Linux kernel silently ignores MS_RDONLY for bind mounts


From: Steven Stewart-Gallus <sstewartgallus00 () mylangara bc ca>
Date: Mon, 02 Mar 2015 05:02:56 +0000 (GMT)

Hello,

I suppose it's time I gave my opinion on this matter.  Personally, I
am ambivalent about whether this really deserves a CVE (or whether the CVE
should be with the Linux kernel or with the applications that misuse
this API), as I feel it is the responsibility of API users like LXC and
systemd to make sure that they aren't misusing these interfaces, but I
would still like this feature to be implemented and I will explain
why. For my own needs (with my own project at
https://gitorious.org/linted/linted) I sandbox processes without
raising privileges by means such as setuid applications and so can
only map uids and gids to the current user.  However, I still need to
prevent certain processes from writing to the user's home directory
and as such need to mount the /home hierarchy read-only and
recursively.  Mostly, though, this is not a big problem for me because I
only need to mount the user's home directory when developing (because
I need to run binaries that are built inside the user's home
directory).  Also, there is the possibility of bind mounting special
hierarchies such as /dev, /proc and /sys read-only (these are not just
one filesystem but need to be bound recursively), but I don't consider
this a strong use case.

Thank you,
Steven Stewart-Gallus
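As an added illustration of the read-only recursive bind mount the message above asks for (example code written for this archive page, not code from the linted project or from the thread): on Linux, MS_RDONLY passed together with MS_BIND is silently ignored, so the mount has to be made read-only by a second MS_REMOUNT|MS_BIND call, and that remount only affects the top-level mount, so each submount that MS_REC pulled in must be found (here by scanning /proc/self/mountinfo) and remounted the same way. The mount() calls need CAP_SYS_ADMIN in the caller's mount namespace (root, or an unprivileged user namespace such as `unshare -Urm`); the mountinfo lines in the usage note are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

/* Bind src onto dst recursively, then make the bind mount itself read-only.
 * A single mount(..., MS_BIND|MS_RDONLY, ...) leaves the mount writable: the
 * kernel ignores MS_RDONLY on a plain bind, so the second call is required.
 * Returns 0 on success or -errno. */
int bind_readonly(const char *src, const char *dst)
{
    if (mount(src, dst, NULL, MS_BIND | MS_REC, NULL) != 0)
        return -errno;
    if (mount(NULL, dst, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, NULL) != 0)
        return -errno;
    return 0;
}

/* The remount above applies to dst only; submounts brought in by MS_REC stay
 * writable. Parse one /proc/self/mountinfo line (fields: id, parent id,
 * major:minor, root, mount point, options, ...) and, if its mount point lies
 * strictly below prefix, copy it into out. Returns 1 if so, else 0.
 * (Mount points containing spaces appear as \040 in mountinfo; this parser
 * does not unescape them.) */
int submount_under(const char *line, const char *prefix, char *out, size_t outlen)
{
    char mp[4096];
    if (sscanf(line, "%*d %*d %*[0-9:] %*s %4095s", mp) != 1)
        return 0;
    size_t plen = strlen(prefix);
    /* Require the '/' so "/homeless" is not treated as a child of "/home". */
    if (strncmp(mp, prefix, plen) != 0 || mp[plen] != '/')
        return 0;
    snprintf(out, outlen, "%s", mp);
    return 1;
}

/* Remount one submount read-only; same two-flag idiom as above. */
int remount_readonly(const char *mountpoint)
{
    if (mount(NULL, mountpoint, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, NULL) != 0)
        return -errno;
    return 0;
}
```

In practice the caller reads /proc/self/mountinfo line by line after bind_readonly() returns, passes each line to submount_under() with the target directory as prefix, and calls remount_readonly() on every match; a final check that opening a file under the target with O_WRONLY fails with EROFS confirms the whole hierarchy is read-only.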
