]> git.ipfire.org Git - thirdparty/util-linux.git/commit
projects / thirdparty / util-linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ceb6a7e) | patch
umount: restrict non-root users to mountpoint paths only
authorKarel Zak <kzak@redhat.com>
Mon, 1 Jun 2026 13:22:53 +0000 (15:22 +0200)
committerKarel Zak <kzak@redhat.com>
Tue, 9 Jun 2026 08:40:39 +0000 (10:40 +0200)
commit77fe5f39cabfb2f21caf2c2edeeeb0ff4607bbce
tree014b4dd8f3e92354f1c271b7a2c747fe1895255ftree | snapshot
parentceb6a7effbd32966d8c046cdcef2821038c26a1dcommit | diff
umount: restrict non-root users to mountpoint paths only

Non-root users should only specify mountpoints when calling umount.
Device names, tags (LABEL=, UUID=, etc.) and loop device resolution
are disabled for unprivileged users to avoid processing untrusted
input through tag resolution code paths before permission checks.

In umount.c, reject tag arguments and disable swapmatch for
restricted users. In libmount, skip source and loopdev swapmatch
lookups for restricted contexts as defense in depth.

Signed-off-by: Karel Zak <kzak@redhat.com>
libmount/src/context_umount.c diff | blob | blame | history
sys-utils/umount.8.adoc diff | blob | blame | history
sys-utils/umount.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.