[Bug 213135] CVE-2008-2544 mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw

bugzilla at redhat.com bugzilla at redhat.com
Wed Jun 4 13:49:58 UTC 2008


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: CVE-2008-2544 mounting proc readonly on a different mount point silently mounts it rw if the /proc mount is rw


https://bugzilla.redhat.com/show_bug.cgi?id=213135





------- Additional Comments From jlieskov at redhat.com  2008-06-04 09:49 EST -------
This behavior seems to be specific only to the /proc filesystem.
Have tried sysfs and tmpfs -- both give a "Read-only file system" error
message even on the F9 kernel (2.6.25.3-18.fc9.x86_64).

The sysfs case:  (2.6.25.3-18.fc9.x86_64)

[root at host dev]# chroot /var/lib/mock/fedora-9-x86_64/root/ mount -t sysfs -r sys home/boinc/fakeext3

[root at host dev]# cat /var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/class/misc/network_latency/uevent
MAJOR=10
MINOR=62


[root at host dev]# echo -e "MAJOR=15\nMINOR=62" > /var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/class/misc/network_latency/uevent
-bash: /var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/class/misc/network_latency/uevent: Read-only file system


The tmpfs case:  (2.6.25.3-18.fc9.x86_64)

[root at host dev]# chroot /var/lib/mock/fedora-9-x86_64/root/ umount home/boinc/fakeext3

[root at host dev]# chroot /var/lib/mock/fedora-9-x86_64/root/ mount -t tmpfs -r tmp home/boinc/fakeext3

[root at host dev]# touch /var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/hello
touch: cannot touch `/var/lib/mock/fedora-9-x86_64/root/home/boinc/fakeext3/hello': Read-only file system

It seems the /proc filesystem used to behave in the same way until
2.6.23.1-42.fc8. Starting from 2.6.24.*, it silently mounts /proc rw even
when the explicit ro mount option is used.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.