Contributed by rueda on from the ain't-no-mountin' dept.
The facility for allowing non-root users to mount file systems has been removed from OpenBSD-current due to security concerns.
Specifically, the value of kern.usermount (as described in the sysctl(3) man pages) will be ignored in OpenBSD 6.0, and the kern.usermount system variable will be absent from later releases.
Theo de Raadt (deraadt@) committed the change:
CVSROOT: /cvs
Module name: src
Changes by: firstname.lastname@example.org 2016/07/14 09:39:40

Modified files:
    sys/kern : vfs_syscalls.c kern_sysctl.c

Log message:
kern.usermount=1 is unsafe for everyone, since it allows any non-pledged
program to call the mount/umount system calls. There is no way any user
can be expected to keep their system safe / reliable with this feature.
Ignore setting to =1, and after release we'll delete the sysctl entirely.
ok lots of people
In addition to the patched bugs, several panics were discovered by NCC that can be triggered by root or users with the usermount option set. These bugs are not getting patched because we believe they are only the tip of the iceberg. The mount system call exposes too much code to userland to be considered secure. As remediation, it's recommended to disable usermount. For the forthcoming 6.0 release, the usermount option will be removed.
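One way to check a host for the setting that the commit and the remediation advice above are about, as an added example that is not part of the original article or of OpenBSD's own tooling. The function names and the sample file are made up for illustration, and the script assumes a sysctl.conf with one name=value assignment per line and '#' comments.

```shell
#!/bin/sh
# Added example: audit a host for kern.usermount (hypothetical helper names).

# Print the effective kern.usermount value set in a sysctl.conf-style file
# (the last assignment wins), or "unset" if the file never sets it.
conf_usermount() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        /^[ \t]*kern\.usermount[ \t]*=/ {
            split($0, kv, "=")
            gsub(/[ \t]/, "", kv[2])
            val = kv[2]
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Return 0 when the file does not enable non-root mounting, 1 otherwise.
audit_conf() {
    v=$(conf_usermount "$1")
    case "$v" in
        unset|0) echo "OK: $1 (kern.usermount=$v)"; return 0 ;;
        *)       echo "FAIL: $1 sets kern.usermount=$v; delete the line or set it to 0"
                 return 1 ;;
    esac
}

# Value in the running kernel. Prints "absent" where the variable no longer
# exists (or where sysctl itself is missing).
live_usermount() {
    sysctl -n kern.usermount 2>/dev/null || echo "absent"
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'kern.usermount=1  # let users mount' > "$sample"
audit_conf "$sample" || true
rm -f "$sample"
```

On a real system, run `audit_conf /etc/sysctl.conf` and `live_usermount` and treat any value other than 0, unset or absent as a finding.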