Empty MFS on root


Empty MFS on root

Tati Chevron
Currently, it's possible, (as root), to do something like:

# mount_mfs -s 1g swap /

which succeeds, and mounts the empty filesystem as the root filesystem.

This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.

Shouldn't we make mount_mfs error out in this case?

--
Tati Chevron
Perl and FORTRAN specialist.
SWABSIT development and migration department.
http://www.swabsit.com


Re: Empty MFS on root

Theo de Raadt
> Currently, it's possible, (as root), to do something like:
>
> # mount_mfs -s 1g swap /
>
> which succeeds, and mounts the empty filesystem as the root filesystem.
>
> This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.
>
> Shouldn't we make mount_mfs error out in this case?

what is "this case"?

The root issue is that you are root, and root is all-powerful.  You
need to be careful, because all the tools are strong.  There are a
million ways to completely screw your machine.  You found one.
Tomorrow you could find another, but it won't take long before you
learn to be careful...


Re: Empty MFS on root

Ted Unangst-6
In reply to this post by Tati Chevron
Tati Chevron wrote:
> Currently, it's possible, (as root), to do something like:
>
> # mount_mfs -s 1g swap /
>
> which succeeds, and mounts the empty filesystem as the root filesystem.
>
> This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.
>
> Shouldn't we make mount_mfs error out in this case?

No. You should not do that.


Re: Empty MFS on root

Otto Moerbeek
In reply to this post by Tati Chevron
On Tue, Dec 08, 2015 at 03:03:14PM +0000, Tati Chevron wrote:

> Currently, it's possible, (as root), to do something like:
>
> # mount_mfs -s 1g swap /
>
> which succeeds, and mounts the empty filesystem as the root filesystem.
>
> This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.
>
> Shouldn't we make mount_mfs error out in this case?

Why? Unix does not prevent you from doing stupid things in general.

Besides, a small variation (using -P) could be a proper and sane use
of mount_mfs on /

        -Otto


Re: Empty MFS on root

Uwe Werler
In reply to this post by Tati Chevron
On 08.12.2015 16:03:14, Tati Chevron wrote:
> Currently, it's possible, (as root), to do something like:
>
> # mount_mfs -s 1g swap /
>
> which succeeds, and mounts the empty filesystem as the root filesystem.
>
> This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.
>
> Shouldn't we make mount_mfs error out in this case?
>
> --
> Tati Chevron
> Perl and FORTRAN specialist.
> SWABSIT development and migration department.
> http://www.swabsit.com


Hehe, you can even shut down the machine as root.
Should there be a warning too? Windoof-like? Or a bunch of questions if you're
really really sure?


Re: Empty MFS on root

Tati Chevron
In reply to this post by Theo de Raadt
On Tue, Dec 08, 2015 at 08:09:47AM -0700, Theo de Raadt wrote:

>> Currently, it's possible, (as root), to do something like:
>>
>> # mount_mfs -s 1g swap /
>>
>> which succeeds, and mounts the empty filesystem as the root filesystem.
>>
>> This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.
>>
>> Shouldn't we make mount_mfs error out in this case?
>
>what is "this case"?

mount_mfs as opposed to mount.

It's possible to mount a regular filesystem on a mount point that is
already in use, except for /, which fails with an error.

The behaviour of mount_mfs is inconsistent with that of mount, in
that it allows the root directory to be used as a mount point, whereas
mount does not.

As Otto points out, using it with -P is potentially useful, but without
it there doesn't appear to be a use case.

--
Tati Chevron
Perl and FORTRAN specialist.
SWABSIT development and migration department.
http://www.swabsit.com


Re: Empty MFS on root

Ted Unangst-6
Tati Chevron wrote:

> On Tue, Dec 08, 2015 at 08:09:47AM -0700, Theo de Raadt wrote:
> >> Currently, it's possible, (as root), to do something like:
> >>
> >> # mount_mfs -s 1g swap /
> >>
> >> which succeeds, and mounts the empty filesystem as the root filesystem.
> >>
> >> This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.
> >>
> >> Shouldn't we make mount_mfs error out in this case?
> >
> >what is "this case"?
>
> mount_mfs as opposed to mount.
>
> It's possible to mount a regular filesystem on a mount point that is
> already in use, except for /, which fails with an error.
>
> The behaviour of mount_mfs is inconsistent with that of mount, in
> that it allows the root directory to be used as a mount point, whereas
> mount does not.

This would have been interesting information to include in your original
email. As far as I can see, there's no reason why mount and mount_mfs would
behave differently here.


Re: Empty MFS on root

Alexander Hall
In reply to this post by Otto Moerbeek
On December 8, 2015 4:21:16 PM GMT+01:00, Otto Moerbeek <[hidden email]> wrote:

>On Tue, Dec 08, 2015 at 03:03:14PM +0000, Tati Chevron wrote:
>
>> Currently, it's possible, (as root), to do something like:
>>
>> # mount_mfs -s 1g swap /
>>
>> which succeeds, and mounts the empty filesystem as the root filesystem.
>>
>> This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.
>>
>> Shouldn't we make mount_mfs error out in this case?
>
>Why? Unix does not prevent you from doing stupid things in general.
>
>Besides, a small variation (using -P) could be a proper and sane use
>of mount_mfs on /

FWIW, I don't think so, as the mfs is populated after being mounted.

>
> -Otto


Re: Empty MFS on root

Janne Johansson-3
2015-12-08 21:18 GMT+01:00 Alexander Hall <[hidden email]>:

> On December 8, 2015 4:21:16 PM GMT+01:00, Otto Moerbeek <[hidden email]> wrote:
> >On Tue, Dec 08, 2015 at 03:03:14PM +0000, Tati Chevron wrote:
> >
> >> Currently, it's possible, (as root), to do something like:
> >> # mount_mfs -s 1g swap /
> >>
> >> which succeeds, and mounts the empty filesystem as the root filesystem.
> >> This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.
> >>
> >> Shouldn't we make mount_mfs error out in this case?
> >Why? Unix does not prevent you from doing stupid things in general.
> >Besides, a small variation (using -P) could be a proper and sane use
> >of mount_mfs on /
>
> FWIW, I don't think so, as the mfs is populated after being mounted.
>
>
>
Yeah, mount_mfs will need /bin/pax, and if you give -P a block device, it
will use /mnt in order to mount the wanted device on so pax can read the
files out of it, so / and /mnt can't be mfs-mounted upon with -P.


--
May the most significant bit of your life be positive.


Re: Empty MFS on root

Alexander Hall
On Wed, Dec 09, 2015 at 09:02:25AM +0100, Janne Johansson wrote:

> 2015-12-08 21:18 GMT+01:00 Alexander Hall <[hidden email]>:
>
> > On December 8, 2015 4:21:16 PM GMT+01:00, Otto Moerbeek <[hidden email]> wrote:
> > >On Tue, Dec 08, 2015 at 03:03:14PM +0000, Tati Chevron wrote:
> > >
> > >> Currently, it's possible, (as root), to do something like:
> > >> # mount_mfs -s 1g swap /
> > >>
> > >> which succeeds, and mounts the empty filesystem as the root filesystem.
> > >> This makes the machine inoperable and requires a physical reset, without a clean shutdown, as no system binaries are available.
> > >>
> > >> Shouldn't we make mount_mfs error out in this case?
> > >Why? Unix does not prevent you from doing stupid things in general.
> > >Besides, a small variation (using -P) could be a proper and sane use
> > >of mount_mfs on /
> >
> > FWIW, I don't think so, as the mfs is populated after being mounted.
> >
> >
> >
> Yeah, mount_mfs will need /bin/pax, and if you give -P a block device, it
> will use /mnt in order to mount the wanted device on so pax can read the
> files out of it, so / and /mnt can't be mfs-mounted upon with -P.

I've been thinking about having mount_mfs mounting the new mfs in some
temporary place prior to /bin/pax the lot into it, and then unmount it
and mount it into its final destination. I guess I just have not had
any use for that yet. :-)

/Alexander

>
>
> --
> May the most significant bit of your life be positive.


Re: Empty MFS on root

Ted Unangst-6
Alexander Hall wrote:
>
> I've been thinking about having mount_mfs mounting the new mfs in some
> temporary place prior to /bin/pax the lot into it, and then unmount it
> and mount it into its final destination. I guess I just have not had
> any use for that yet. :-)

This would be beneficial for a number of reasons. The current race condition
isn't very nice.
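
The two targets singled out in this thread (an empty mfs over /, and / or /mnt as the target when -P is used) can be rejected before mount_mfs is ever invoked. The sh wrapper below is an added example, not code from the thread or from OpenBSD; `mfs_target_ok` and `safe_mount_mfs` are hypothetical names, and treating the last argument as the mount point while scanning for `-P` is a simplifying assumption about the command line.

```sh
# Added example: pre-flight check for a mount_mfs command line.
# mfs_target_ok and safe_mount_mfs are hypothetical helpers.
# mfs_target_ok returns 0 = acceptable, 1 = refused target,
# 2 = mount point missing or unresolvable.
mfs_target_ok() {
    [ "$#" -ge 2 ] || return 2
    populate=0
    for arg in "$@"; do
        case "$arg" in
            -P|-P?*) populate=1 ;;   # populate-from-file/device requested
        esac
        node=$arg                    # after the loop: last argument
    done
    # Canonicalize so "/./", "/tmp/.." or a symlink to / are all caught.
    real=$(cd -P -- "$node" 2>/dev/null && pwd -P) || return 2
    case "$real" in
        /)
            # Covering / hides every system binary (the original report).
            return 1 ;;
        /mnt)
            # Per the thread, -P with a block device uses /mnt itself.
            if [ "$populate" -eq 1 ]; then return 1; fi ;;
    esac
    return 0
}

# Wrapper an admin could alias in place of calling mount_mfs directly.
safe_mount_mfs() {
    rc=0
    mfs_target_ok "$@" || rc=$?
    case "$rc" in
        0) mount_mfs "$@" ;;
        1) echo "safe_mount_mfs: refusing mount point: $node" >&2
           return 1 ;;
        *) echo "safe_mount_mfs: cannot resolve mount point" >&2
           return 2 ;;
    esac
}
```

The check is advisory only: it runs before the mount, so a path that changes between the check and the mount is not covered, and root can still call mount_mfs directly.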