From: Karel Zak <kzak@redhat.com>
To: L A Walsh <lkml@tlinx.org>
Cc: util-linux@vger.kernel.org
Subject: Re: Bug: mount doing bad security check: only root can use -types, (effective EUID is 5013)
Date: Tue, 6 Jun 2017 11:36:07 +0200 [thread overview]
Message-ID: <20170606093607.xrxel4ny4hjoe4iv@ws.net.home> (raw)
In-Reply-To: <5935E44B.8000405@tlinx.org>
On Mon, Jun 05, 2017 at 04:07:55PM -0700, L A Walsh wrote:
> mount is Using util-linux 2.30-rc2 (libmount 2.30.0: smack, btrfs, mtab,
> debug).
>
> Trying to mount any file system, thinks I have bad UID:
>
> Ishtar:/mnt# /bin/mount /dev/tmpfs /mnt/tmpfs -t tmpfs
> mount: only root can use "--types" option (effective UID is 5013)
geteuid() returns 5013, so it runs in restricted mode.
> Ishtar:/mnt# echo "$UID $EUID"
> 0 0
Well, it's better to use commands like "id" rather than rely on env
variables.
> Someone else had a problem w/mount doing some bad check
> that wasn't the case. Think they had the right bits (CAP_SYS_ADMIN),
> but the mount command was ignoring caps and looking for UID==0.
Yes, it's:
ruid = getuid();
euid = geteuid();
cxt->restricted = (uid_t) 0 == ruid && ruid == euid ? 0 : 1;
in your case geteuid() returns 5013.
BTW, there is no change in this libmount code since 2010, and no
change in "only root can use" mount.c code since year 2013.
> But in this case, it "double" shouldn't matter, since I'm
> running as root.
Try to verify that you're really root ;-)
Karel
--
Karel Zak <kzak@redhat.com>
http://karelzak.blogspot.com
next prev parent reply other threads:[~2017-06-06 9:36 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-05 23:07 Bug: mount doing bad security check: only root can use -types, (effective EUID is 5013) L A Walsh
2017-06-06 9:36 ` Karel Zak [this message]
2017-06-06 14:15 ` L A Walsh
2017-06-06 15:10 ` Karel Zak
2017-06-06 15:11 ` L A Walsh
2017-06-06 15:21 ` Tilman Schmidt
2017-06-06 16:03 ` Karel Zak
2017-06-06 16:10 ` L A Walsh
2017-06-06 17:12 ` Patch: ensure mount & umount are root-owned before setting SUID bit L A Walsh
2017-06-20 11:14 ` Karel Zak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170606093607.xrxel4ny4hjoe4iv@ws.net.home \
--to=kzak@redhat.com \
--cc=lkml@tlinx.org \
--cc=util-linux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.