04-17-2008
Hal Murray
 
Re: Why 'mount' utils need a setuid bit?

In article <aec45dd5-0f90-4eaa-b08b-9e692fcd2b76@e67g2000hsa.googlegroups.com>,
xi4oyu <Evil.xi4oyu@gmail.com> writes:
>Well, there are some differences when mounting a filesystem if you are a
>normal user.
>Even if root has added user options in /etc/fstab, the user can then
>mount the filesystem. But it seems that a setuid program in the
>newly mounted FS isn't truly a setuid program, even if you use
>ls -l and the result is like:
>
>[test@localhost mnt]$ ls -l
>total 52
>-rwsr-sr-x 1 root root 38468 Apr 17 15:47 chmod
>drwx------ 2 root root 12288 Apr 17 15:42 lost+found
>
>but the chmod can't truly take effect on root's file :p
>
>The OS must be designed to take care of this security issue.


That's a different issue than why mount needs setuid.

It's reasonably common to ignore setuid on user-mounted
file systems and/or NFS mounted systems. It's a security
issue. setuid would allow anybody who could do a user-mount
to take over the system. (All they would need is a setuid script
that started a shell. Poof, you are root.)

--
These are my opinions, not necessarily my employer's. I hate spam.

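Added example, not part of the post above: a Python check that walks fstab-style option lists and reports user-mountable entries where setuid bits would still be honoured. It relies on the mount(8) rule that `user`, `users`, `owner` and `group` imply `nosuid` unless a later `suid` overrides it; the sample fstab and the function names are constructed for illustration.

```python
# Added example: find user-mountable fstab entries that still honour setuid.
USER_OPTS = {"user", "users", "owner", "group"}  # each implies nosuid per mount(8)

# Constructed sample input, not taken from the original post.
SAMPLE_FSTAB = """\
# device   mountpoint   type   options                        dump pass
/dev/sda1  /            ext4   defaults                       0 1
/dev/sdb1  /mnt/usb     vfat   noauto,user                    0 0
/dev/sdc1  /mnt/card    ext3   noauto,user,suid               0 0
/dev/sdd1  /mnt/disk    ext3   noauto,suid,users              0 0
srv:/exp   /mnt/nfs     nfs    noauto,owner,exec,suid,nosuid  0 0
"""

def effective_flags(options):
    """Walk the options left to right; the last setting of each flag wins."""
    user_mountable, suid = False, True  # root-only mount, setuid honoured
    for opt in options.split(","):
        if opt in USER_OPTS:
            user_mountable, suid = True, False  # implied nosuid
        elif opt == "nouser":
            user_mountable = False
        elif opt == "suid":
            suid = True   # explicit override, e.g. "user,exec,dev,suid"
        elif opt == "nosuid":
            suid = False
    return user_mountable, suid

def risky_entries(fstab_text):
    """Return mount points an ordinary user can mount with setuid honoured."""
    findings = []
    for line in fstab_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        user_mountable, suid = effective_flags(fields[3])
        if user_mountable and suid:
            findings.append(fields[1])
    return findings

if __name__ == "__main__":
    for mount_point in risky_entries(SAMPLE_FSTAB):
        print(f"user-mountable with setuid honoured: {mount_point}")
```

Option order matters: `suid,users` is safe because the later `users` re-applies `nosuid`, while `user,suid` is the combination to look for.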