capabilities and privilege escalation

Robert Connolly robert at linuxfromscratch.org
Wed Aug 24 02:09:25 PDT 2011


On Tuesday 23 August 2011 17:31:20 Kevin Day wrote:
> On Mon, Aug 22, 2011 at 11:53 PM, Robert Connolly
> 
> <robert at linuxfromscratch.org> wrote:
> > On Monday 22 August 2011 18:46:54 Kevin Day wrote:
> >> I find /etc/mtab to be of poor taste.
> >> I have a bunch of patches that fix software to use /proc/mounts and
> >> not /etc/mtab.
> >> Thus leaving all of the mounted device listing to the kernel (who is
> >> always correct).
> >> Then there is no need to worry about clobbering /etc/mtab. (especially
> >> if your on a read-only or limited-write system).
> > 
> > Can I see your patches for util-linux-ng? Or all the patches?
> > 
> > robert
> 
> I am attaching it, hopefully it does not get blocked.
> The following programs need patches to use /proc/mounts
> - eject
> - glib
> - samba (it tries to do writes to /etc/mtab itself!)
> - util-linux-ng
> - xine-lib
> - uClibc (yep, i still use it for better and worse)
> - glibc
> 
> Any application that properly uses the libc's _PATH_MOUNTED should not
> need to be patched but should obviously need to be
> installed/reinstalled after applying the glibc/uclibc patch.

There's a thread from Debian about /etc/mtab:
http://lists.debian.org/debian-devel/2002/06/msg01831.html

/proc/mounts doesn't have all the information about loop device mounts, so 
umounting a loop device wouldn't break down the loop device after.

This is a disadvantage.

robert
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.linuxfromscratch.org/pipermail/hlfs-dev/attachments/20110824/30578774/attachment.sig>


More information about the hlfs-dev mailing list