Kernel+Base: Mount root as nodev,nosuid

Then bind-mount /dev and /bin while adding back the appropriate permissions :^)
Author: https://github.com/bugaevc Commit: https://github.com/SerenityOS/serenity/commit/fee6d0a3a6a Pull-request: https://github.com/SerenityOS/serenity/pull/1063
2025-01-23 09:46:04 -05:00 · 2020-01-12 19:40:50 +03:00 · 2020-01-12 19:40:50 +03:00 · fee6d0a3a6 · 2024-07-19 10:07:11 +09:00
commit fee6d0a3a6
parent 1a55264fe6
2 changed files with 9 additions and 3 deletions
--- a/Base/etc/fstab
+++ b/Base/etc/fstab
@ -1,4 +1,10 @@
-/dev/hda	/	ext2
+# Root file system. This is a fake entry which gets ignored by `mount -a`;
+# the actual logic for mounting root is in the kernel.
+/dev/hda	/	ext2	nodev,nosuid
+# Remount /bin and /dev while adding the appropriate permissions.
+/dev	/dev	bind	bind,nosuid
+/bin	/bin	bind	bind,nodev
+
 proc	/proc	proc	nosuid
 devpts	/dev/pts	devpts	noexec,nosuid
 tmp	/tmp	tmp	nodev,nosuid
--- a/Kernel/FileSystem/VirtualFileSystem.cpp
+++ b/Kernel/FileSystem/VirtualFileSystem.cpp
@ -89,7 +89,7 @@ bool VFS::mount_root(FS& file_system)
        return false;
    }

-    Mount mount { file_system, nullptr, 0 };
+    Mount mount { file_system, nullptr, MS_NODEV | MS_NOSUID };

    auto root_inode_id = mount.guest().fs()->root_inode();
    auto root_inode = mount.guest().fs()->get_inode(root_inode_id);
@ -668,7 +668,7 @@ void VFS::sync()
 Custody& VFS::root_custody()
 {
    if (!m_root_custody)
-        m_root_custody = Custody::create(nullptr, "", *m_root_inode, 0);
+        m_root_custody = Custody::create(nullptr, "", *m_root_inode, MS_NODEV | MS_NOSUID);
    return *m_root_custody;
 }