[Bug 213135] CVE-2008-2544 mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw
bugzilla at redhat.com
Wed Jun 4 13:49:58 UTC 2008
Summary: CVE-2008-2544 mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw
https://bugzilla.redhat.com/show_bug.cgi?id=213135
------- Additional Comments From jlieskov at redhat.com 2008-06-04 09:49 EST -------
This behavior seems to be specific to the /proc filesystem.
I have tried sysfs and tmpfs; both give a "Read-only file system" error
message even on the F9 kernel (2.6.25.3-18.fc9.x86_64).
The sysfs case: (2.6.25.3-18.fc9.x86_64)
[root at host dev]# chroot /var/lib/mock/fedora-9-x86_64/root/ mount -t sysfs -r sys home/boinc/fakeext3
[root at host dev]# cat /var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/class/misc/network_latency/uevent
MAJOR=10
MINOR=62
[root at host dev]# echo -e "MAJOR=15\nMINOR=62" > /var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/class/misc/network_latency/uevent
-bash: /var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/class/misc/network_latency/uevent: Read-only file system
The tmpfs case: (2.6.25.3-18.fc9.x86_64)
[root at host dev]# chroot /var/lib/mock/fedora-9-x86_64/root/ umount home/boinc/fakeext3
[root at host dev]# chroot /var/lib/mock/fedora-9-x86_64/root/ mount -t tmpfs -r tmp home/boinc/fakeext3
[root at host dev]# touch /var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/hello
touch: cannot touch `/var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/hello': Read-only file system
It seems the /proc filesystem used to behave in the same way until
2.6.23.1-42.fc8. Starting from 2.6.24.*, it silently mounts /proc rw even
when an explicit ro mount option is used.
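A check for the condition this report describes, as an added example that is not part of the original bug comment: it parses text in the /proc/self/mountinfo format and reports mount points that were expected to be read-only but have "ro" in neither the per-mount nor the superblock options. The sample table, the /mnt/... paths and the function names are constructed for illustration.

```python
import re

# Constructed sample in /proc/self/mountinfo format (not taken from the report's host).
SAMPLE_MOUNTINFO = """\
17 22 0:3 / /proc rw,relatime shared:5 - proc proc rw
40 22 0:3 / /var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3 rw,relatime - proc proc rw
41 22 0:16 / /mnt/sys\\040ro ro,relatime - sysfs sys rw
42 22 0:30 / /mnt/tmp rw,relatime - tmpfs tmp ro
"""


def unescape(field):
    """mountinfo writes space, tab, newline and backslash as \\ooo octal escapes."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Map mount point -> fstype and option sets; a later line shadows an earlier one."""
    mounts = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields (e.g. shared:5) vary in number and end at the lone "-".
        left, sep, right = line.partition(" - ")
        pre, post = left.split(), right.split()
        if not sep or len(pre) < 6 or len(post) < 3:
            raise ValueError(f"malformed mountinfo line: {line!r}")
        mounts[unescape(pre[4])] = {
            "fstype": post[0],
            "mount_opts": set(pre[5].split(",")),
            "super_opts": set(post[2].split(",")),
        }
    return mounts


def writable_despite_ro(text, expected_ro):
    """Return (path, reason) for each path that is not effectively read-only."""
    findings = []
    mounts = parse_mountinfo(text)
    for path in expected_ro:
        m = mounts.get(path)
        if m is None:
            findings.append((path, "not mounted"))
        # Writes are refused if either the mount or the superblock is read-only.
        elif "ro" not in m["mount_opts"] and "ro" not in m["super_opts"]:
            findings.append((path, f"{m['fstype']} mounted rw"))
    return findings


if __name__ == "__main__":
    chroot = "/var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3"
    for path, reason in writable_despite_ro(SAMPLE_MOUNTINFO, [chroot, "/mnt/sys ro", "/mnt/tmp"]):
        print(f"{path}: {reason}")
```

Run against the live table by passing the contents of /proc/self/mountinfo as the first argument, immediately after the mount command returns.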