pmount to support mounting image files using loop devices. This has required a little more work than I thought, since I had to add support for configuration files for pmount, as loopback mounting is by essence insecure, so the support for it had to be user-configurable. I have tried hard to make the loopback mounting as secure as possible, for instance by ensuring that a user cannot bypass file permissions with it, but of course lookback mount still means that a user has read-write access to a mounted FS which can be used to exploit potential weaknesses in the kernel...
I have uploaded a new version of pmount to experimental. Comments, bug reports, exploits are welcome !
2 comments:
When you describe loopback mounts as insecure, do you mean anything other than the possibility of exploiting a kernel bug by modifying a mounted filesystem?
That's the only problem I see for now, but I'm not sure all FS are designed to resist malicious tampering while the FS is mounted. Apart from that, as far as I can tell, the loopback itself is secure, and the pmount side of the things should be.
Post a Comment