Author: aitor
Date:  
To: dng
New-Topics: Re: [DNG] qmount [Was re: pmount-like etc...]
Subject: Re: [DNG] pmount-like application looking for a name
Hi Didier,

On 1/26/26 17:47, Didier Kryn wrote:
> Because of the inability of *pmount* to mount exfat partitions using
> Linux native exfat filesystem, I developed my own replacement and I
> am ready to publish it on devuangit under GPL version 3 or later.


Thanks for the new project, it will be very useful when combined with hopman.

I have been reviewing the code and I would like to propose an improvement regarding how the program handles privileges.
Currently, the project uses the SUID bit (04755) to allow mounting operations. While effective, this grants the process
full root privileges, increasing the security attack surface. Therefore, I suggest moving to Linux Capabilities for the
following reasons:

1) Least Privilege: By using setcap, we only grant the binary the specific privileges it needs:

    cap_value_t cap_list[] = {
        CAP_SYS_ADMIN,      /* for mount */
        CAP_DAC_OVERRIDE,   /* to create the directory in /media */
        CAP_CHOWN           /* to assign the uid/gid */
    };


    This prevents a potential exploit from gaining full root access to the system.


2) Granular Control: I have implemented a small piece of logic in main.c using libcap to ensure privileges
    are only active during critical operations (mount and directory creation) and are dropped immediately
    afterwards using a drop_privileges() function.


3) Capabilities are the standard in Linux for reducing the risks associated with privileged binaries.

Other changes suggested:

- Modify the Makefile to link against libcap.

  - Update the install rule to use `setcap` instead of chmod +s, and change 04755 to 0755 to eliminate the SUID-bit risk,
    assigning granular capabilities to the installed binary:


       sudo install -o root -m 0755 $(PGNAME) $(INSTALL_EXEC)
       sudo setcap cap_sys_admin,cap_dac_override,cap_chown+p $(INSTALL_EXEC)/$(PGNAME)


- Add a safe drop_privileges function and a refined cleanup block to handle errors and memory (using blkid_put_cache).

- Add a check for encrypted LUKS devices to prevent invalid mount attempts (main.c, lines 192 - 200).

  - Use umount2() (https://linux.die.net/man/2/umount2) instead of umount() in combination with the flags UMOUNT_NOFOLLOW
    or MNT_DETACH. The latter allows a "lazy unmount" if the resource is busy.



You can find the code with the suggested changes in the following link:


https://genuen.org/qmount


I think that this approach makes qmount much safer for the end user while maintaining the same functionality.

Btw..., a bit late to the party, but I like the name *qmount* :)

Best regards,

Aitor.
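The raise-then-drop pattern described in points 1) and 2) above, as an added illustration that is not qmount's code nor the patch linked in the message: the binary is assumed to have been installed with `setcap cap_sys_admin,cap_dac_override,cap_chown+p`, so the three capabilities sit in the permitted set and are raised into the effective set only around the privileged mount/mkdir step, then cleared. It uses the raw capget(2)/capset(2) syscalls rather than libcap so it builds with only the kernel headers; the libcap equivalent is cap_get_proc(), cap_set_flag(..., CAP_EFFECTIVE, ...) and cap_set_proc(). The function names (cap_mask, raise_effective, drop_effective) are mine.

```c
/* Added example, not qmount's code: toggle the effective capability set so
 * CAP_SYS_ADMIN, CAP_DAC_OVERRIDE and CAP_CHOWN are effective only around the
 * privileged step. Raw capget/capset are used instead of libcap; with a
 * binary installed via "setcap ...+p" the permitted set holds these three. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* The three capabilities the proposal grants with setcap. */
static const int needed_caps[] = { CAP_SYS_ADMIN, CAP_DAC_OVERRIDE, CAP_CHOWN };
#define NEEDED_CAPS_N (sizeof needed_caps / sizeof needed_caps[0])

/* Build a 64-bit bitmask from a list of capability numbers. */
uint64_t cap_mask(const int *caps, size_t n)
{
    uint64_t m = 0;
    for (size_t i = 0; i < n; i++)
        m |= (uint64_t)1 << caps[i];
    return m;
}

/* v3 layout: two 32-bit words per set (low caps in [0], high caps in [1]). */
static int read_caps(struct __user_cap_data_struct data[2])
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    memset(data, 0, 2 * sizeof(*data));
    return (int)syscall(SYS_capget, &hdr, data);
}

static int write_caps(struct __user_cap_data_struct data[2])
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(SYS_capset, &hdr, data);
}

static uint64_t pack(uint32_t lo, uint32_t hi)
{
    return ((uint64_t)hi << 32) | lo;
}

/* Make exactly (permitted & wanted) effective, never more: the kernel rejects
 * an effective set that exceeds permitted. Returns how many wanted
 * capabilities became effective, or -1 with errno set. Without "+p" on the
 * file (e.g. an unprivileged test run) permitted is empty and this returns 0. */
int raise_effective(uint64_t wanted)
{
    struct __user_cap_data_struct d[2];
    if (read_caps(d) < 0)
        return -1;
    uint64_t permitted = pack(d[0].permitted, d[1].permitted);
    uint64_t eff = permitted & wanted;
    d[0].effective = (uint32_t)eff;
    d[1].effective = (uint32_t)(eff >> 32);
    if (write_caps(d) < 0)
        return -1;
    return __builtin_popcountll(eff);
}

/* drop_privileges() counterpart: clear the effective set; with permanent != 0
 * also clear permitted (and inheritable) so the caps cannot be re-raised.
 * Shrinking sets is always allowed, so this succeeds for any process. */
int drop_effective(int permanent)
{
    struct __user_cap_data_struct d[2];
    if (read_caps(d) < 0)
        return -1;
    d[0].effective = d[1].effective = 0;
    if (permanent) {
        d[0].permitted = d[1].permitted = 0;
        d[0].inheritable = d[1].inheritable = 0;
    }
    return write_caps(d);
}

int main(void)
{
    uint64_t want = cap_mask(needed_caps, NEEDED_CAPS_N);
    int n = raise_effective(want);
    if (n < 0) { perror("capset"); return 1; }
    printf("%d of %zu capabilities effective for the privileged step\n", n, NEEDED_CAPS_N);
    /* mkdir(2) under /media and mount(2) would run here, then: */
    if (drop_effective(1) < 0) { perror("capset"); return 1; }
    puts("capabilities dropped permanently");
    return 0;
}
```

Two details worth keeping in mind when wiring this into qmount: raise only what the upcoming call needs (CAP_SYS_ADMIN for mount(2), CAP_DAC_OVERRIDE plus CAP_CHOWN for the /media directory), and call the permanent drop before anything that parses user-controlled input or spawns helpers, so a bug later in the program runs with an empty permitted set.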