From thomas@tmseck.homedns.org  Wed Sep 11 01:31:18 2002
Return-Path: <thomas@tmseck.homedns.org>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B141037B400
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 11 Sep 2002 01:31:18 -0700 (PDT)
Received: from smtp.netcologne.de (smtp.netcologne.de [194.8.194.112])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DCD8443E65
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 11 Sep 2002 01:31:17 -0700 (PDT)
	(envelope-from thomas@tmseck.homedns.org)
Received: from mail.tmseck.homedns.org (xdsl-213-168-111-204.netcologne.de [213.168.111.204])
	by smtp.netcologne.de (8.12.2/8.12.2) with ESMTP id g8B8VDgq026093
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 11 Sep 2002 10:31:14 +0200 (MEST)
Received: by mail.tmseck.homedns.org (Postfix, from userid 1001)
	id 820DC285B0; Wed, 11 Sep 2002 10:31:09 +0200 (CEST)
Message-Id: <20020911083109.820DC285B0@mail.tmseck.homedns.org>
Date: Wed, 11 Sep 2002 10:31:09 +0200 (CEST)
From: Thomas Seck <tmseck@netcologne.de>
Reply-To: Thomas Seck <tmseck@netcologne.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] mount([28]) do not document vfs.usermount
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         42651
>Category:       docs
>Synopsis:       [PATCH] mount([28]) do not document vfs.usermount
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 11 01:40:01 PDT 2002
>Closed-Date:    Mon Jan 13 20:43:31 MET 2003
>Last-Modified:  Mon Jan 13 20:43:31 MET 2003
>Originator:     Thomas Seck
>Release:        FreeBSD 4.6-STABLE i386
>Organization:
private site
>Environment:
FreeBSD CVS repository as of Sept. 9, 2002.

>Description:
Non-root users may be privileged to issue calls to mount(2) by setting the
sysctl vfs.usermount to a nonzero value. Neither this nor the implicit
restrictions (user must own mount point, the nosuid and nodev option are
always set) are documented in mount(2) or mount(8).

>How-To-Repeat:
n/a

>Fix:
I suggest the following patches (BTW, mount(8) nowadays uses the term
"file system" while mount(2) still uses "filesystem"):

Index: src/lib/libc/sys/mount.2
===================================================================
RCS file: /home/ncvs/src/lib/libc/sys/mount.2,v
retrieving revision 1.28
diff -u -r1.28 mount.2
--- src/lib/libc/sys/mount.2	1 Oct 2001 16:09:02 -0000	1.28
+++ src/lib/libc/sys/mount.2	11 Sep 2002 07:48:02 -0000
@@ -74,6 +74,12 @@
 of a successful mount are swept under the carpet so to speak, and
 are unavailable until the filesystem is unmounted.
 .Pp
+By default only the super-user may call the
+.Fn mount
+function. This restriction can be removed by setting the sysctl
+.Em vfs.usermount
+to a non-zero value.
+.Pp
 The following
 .Ar flags
 may be specified to
@@ -87,11 +93,13 @@
 .It Dv MNT_NOEXEC
 Do not allow files to be executed from the filesystem.
 .It Dv MNT_NOSUID
-Do not honor setuid or setgid bits on files when executing them.
+Do not honor setuid or setgid bits on files when executing them. This flag is
+automatically set when the caller is not the super-user.
 .It Dv MNT_NOATIME
 Disable update of file access times.
 .It Dv MNT_NODEV
-Do not interpret special files on the filesystem.
+Do not interpret special files on the filesystem. This flag is automatically
+set when the caller is not the super-user.
 .It Dv MNT_SUIDDIR
 Directories with the SUID bit set chown new files to their own owner.
 .It Dv MNT_SYNCHRONOUS
@@ -176,7 +184,8 @@
 function will fail when one of the following occurs:
 .Bl -tag -width Er
 .It Bq Er EPERM
-The caller is not the super-user.
+The caller is not the super-user and not the owner of
+.Ar dir .
 .It Bq Er ENAMETOOLONG
 A component of a pathname exceeded 255 characters,
 or the entire length of a path name exceeded 1023 characters.
@@ -253,7 +262,9 @@
 function may fail with one of the following errors:
 .Bl -tag -width Er
 .It Bq Er EPERM
-The caller is not the super-user.
+The caller is not the super-user and not the user that issued the corresponding
+.Xr mount 2
+call.
 .It Bq Er ENOTDIR
 A component of the path is not a directory.
 .It Bq Er ENAMETOOLONG
@@ -280,6 +291,7 @@
 .Sh SEE ALSO
 .Xr lsvfs 1 ,
 .Xr mount 8 ,
+.Xr sysctl 8 ,
 .Xr umount 8
 .Sh BUGS
 Some of the error codes need translation to more obvious messages.


Index: src/sbin/mount/mount.8
===================================================================
RCS file: /home/ncvs/src/sbin/mount/mount.8,v
retrieving revision 1.52
diff -u -r1.52 mount.8
--- src/sbin/mount/mount.8	21 Aug 2002 18:10:52 -0000	1.52
+++ src/sbin/mount/mount.8	11 Sep 2002 08:00:13 -0000
@@ -158,7 +158,8 @@
 .It Cm nodev
 Do not interpret character or block special devices on the file system.
 This option is useful for a server that has file systems containing
-special devices for architectures other than its own.
+special devices for architectures other than its own. This option is always set
+when the user does not have super-user privileges.
 .It Cm noexec
 Do not allow execution of any binaries on the mounted file system.
 This option is useful for a server that has file systems containing
@@ -168,7 +169,8 @@
 Note: this option is worthless if a public available suid or sgid
 wrapper like
 .Xr suidperl 1
-is installed on your system.
+is installed on your system. It is automatically set when the user does not
+have super-user privileges.
 .It Cm nosymfollow
 Do not follow symlinks
 on the mounted file system.
@@ -436,6 +438,7 @@
 .Xr mount_udf 8 ,
 .Xr mount_umapfs 8 ,
 .Xr mount_unionfs 8 ,
+.Xr sysctl 8 ,
 .Xr umount 8
 .Sh BUGS
 It is possible for a corrupted file system to cause a crash.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: joerg 
State-Changed-When: Mon Jan 13 20:42:56 MET 2003 
State-Changed-Why:  
Suggested fix applied in rev 1.33 (mount(2)) and 1.54 (mount(8)), 
danke sehr! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42651 
>Unformatted:
