Roger,

Thanks, I've been waiting for this for a while! One question: Will the 'mount' update process delete an /etc/mtab and replace it with a symlink? I certainly hope so!

On Tue, Jan 10, 2012 at 5:58 AM, Debian Bug Tracking System <ow...@bugs.debian.org> wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the mount package:
>
> #296201: mount: unprivileged user can mount partition without updating mtab
>
> It has been closed by Roger Leigh <rle...@codelibre.net>.
>
> Their explanation is attached below along with your original report.
> If this explanation is unsatisfactory and you have not received a
> better one in a separate message then please contact Roger Leigh
> <rle...@codelibre.net> by replying to this email.
>
>
> --
> 296201: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296201
> Debian Bug Tracking System
> Contact ow...@bugs.debian.org with problems
>
>
> ---------- Forwarded message ----------
> From: Roger Leigh <rle...@codelibre.net>
> To: 64479-d...@bugs.debian.org, 94076-d...@bugs.debian.org,
> 116288-d...@bugs.debian.org, 235952-d...@bugs.debian.org,
> 277931-d...@bugs.debian.org, 296201-d...@bugs.debian.org,
> 354298-d...@bugs.debian.org, 409008-d...@bugs.debian.org,
> 412152-d...@bugs.debian.org, 440828-d...@bugs.debian.org,
> 446921-d...@bugs.debian.org, 533901-d...@bugs.debian.org,
> 634871-d...@bugs.debian.org
> Cc:
> Date: Tue, 10 Jan 2012 13:54:26 +0000
> Subject: Closing mtab-related bugs
> Version: 2.20.1-1
>
> /etc/mtab is now a symlink to /proc/mounts. Bugs which were a
> result of editing /etc/mtab which make it get out of sync with
> the real kernel state are now no longer an issue.
>
> mount continues to support /etc/mtab as a file for the time
> being, and so some bugs are still technically present in the
> package, but will not be encountered in practice due to no
> longer being a supported default.
>
> Several of these bugs were already fixed by new upstream releases.
> All are fixed now /etc/mtab is a symlink.
>
> #64479 mount: should use /proc/mounts with mtab as backup
>  - /proc/mounts is now always used
> #94076 mount: doesn't update mtab when link to writable file
>  - not a problem with mtab as a symlink
> #116288 mount: mount leaves type auto in /etc/mtab
>  - not a problem with mtab as a symlink
> #235952 mount: remount failed to change option, but updated mtab any way.
>  - not a problem with mtab as a symlink
> #277931 mount: When bind mounting /proc to a mtpt named 'proc' the mount
>  point's full path is not written to mtab
>  - not a problem with mtab as a symlink
> #296201 mount: unprivileged user can mount partition without updating mtab
>  - race no longer present; no mtab writing
> #354298 mount --rbind does not update /etc/mtab properly
>  - not a problem with mtab as a symlink
> #409008 mount --move skrews up mtab
>  - not a problem with mtab as a symlink
> #412152 -f updates mtab on remount
>  - mount -f was behaving as documented, and in any case, mtab is
>    now no longer updated
> #440828 umount fails to remove entry in /etc/mtab when unmounting
>  - not a problem with mtab as a symlink
> #446921 mount -oremount,size=10G /tmp miswrites mtab
>  - not a problem with mtab as a symlink
> #533901 "user" mounts broken when /etc/mtab is a symlink
>  - now works just fine
> #634871 mount refuses to update mtab if there's any entry with "none"
>  - fixed
>
>
> Regards,
> Roger
>
> --
>  .''`.  Roger Leigh
> : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
> `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
>   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
>
>
> ---------- Forwarded message ----------
> From: Tyler MacDonald <ty...@yi.org>
> To: Debian Bug Tracking System <sub...@bugs.debian.org>
> Cc:
> Date: Sun, 20 Feb 2005 15:59:20 -0800
> Subject: mount: unprivileged user can mount partition without updating mtab
> Package: mount
> Version: 2.12p-2
> Severity: grave
> Justification: user security hole
>
>
> If a non-root user mounts media (in my case, a CD-ROM), and attempts to kill
> the process (in my case, a mad combination of ^C and ^\), the filesystem can
> be mounted, yet not appear in /etc/mtab.
>
> This means that when the user does a "df", it does not show up, and when
> they try to unmount it (unless they are root), they are denied, told that
> the filesystem is not mounted according to /etc/mtab.
>
> This introduces two security holes:
>
> 1) A malicious user could lock-up removable media for anybody else
> that wishes to use the system; or
>
> 2) A user is told that data is not available which actually is,
> which could mislead them into leaving it there for others to access.
>
> .. and, of course, in the case of cd-rom's which are usually locked while
> mounted, a user without root access or access to the person with root access
> can't get his/her CD rom back (without sticking a needle in the little hole,
> but we don't want them to do that, do we?)
>
> - Tyler
>
>
> -- System Information:
> Debian Release: 3.1
> APT prefers unstable
> APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.7-1-k7
> Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)
>
> Versions of packages mount depends on:
> ii  libblkid1   1.36release-1   block device id library
> ii  libc6       2.3.2.ds1-20    GNU C Library: Shared libraries an
> ii  libuuid1    1.36release-1   universally unique id library
>
> -- no debconf information
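
A check for the condition discussed in this thread, as an added example that is not part of the original mail or of the mount package: it reports whether a mount table path is a symlink and lists mounts the kernel knows about that a regular-file mtab lacks. The function names, device names and mount points are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a mount table file agrees with the kernel's view.
# File paths are arguments so the checks also run on constructed sample files.

# Print how the mtab path is provided: "symlink:<target>", "regular" or "missing".
mtab_mode() {
    if [ -L "$1" ]; then
        printf 'symlink:%s\n' "$(readlink "$1")"
    elif [ -f "$1" ]; then
        printf 'regular\n'
    else
        printf 'missing\n'
    fi
}

# hidden_mounts MTAB KERNEL_TABLE
# Print "device mountpoint" for each kernel-table entry whose mount point has
# no line in MTAB. Matching is by mount point only, because the two tables may
# name the same device differently. FILENAME is tested instead of NR==FNR so
# an empty MTAB is handled correctly.
hidden_mounts() {
    awk 'FILENAME == ARGV[1] { seen[$2] = 1; next }
         !($2 in seen)       { print $1, $2 }' "$1" "$2"
}

# Constructed sample: the kernel has /dev/hdc on /media/cdrom, the stale
# regular-file mtab does not (the state described in #296201).
sample_report() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '/dev/hda1 / ext3 rw 0 0' 'proc /proc proc rw 0 0' > "$dir/mtab"
    printf '%s\n' '/dev/hda1 / ext3 rw 0 0' 'proc /proc proc rw 0 0' \
        '/dev/hdc /media/cdrom iso9660 ro,nosuid,nodev 0 0' > "$dir/kernel"
    mtab_mode "$dir/mtab"
    hidden_mounts "$dir/mtab" "$dir/kernel"
    rm -rf "$dir"
}

sample_report
# On a live system: mtab_mode /etc/mtab; hidden_mounts /etc/mtab /proc/self/mounts
```

When /etc/mtab is a symlink to /proc/mounts, the second check has nothing to report, since both arguments resolve to the kernel's own table.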