Neither the man nor the info page provides more information on this than:

mount --no-canonicalize Don't canonicalize paths. The mount command canonicalizes all paths (from command line or fstab) and stores canonicalized paths to the /etc/mtab file. This option can be used together with the -f flag for already canonicalized absolute paths.

In connection with fuse, I found that it was introduced to Linux Kernel 2.8.5 to prevent … local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack [→ source].

Question: What is mount --no-canonicalize actually used for? Was this just a security issue or what else is this option used for?

As I'm quite limited in my settings here, I was just able to mount USB Flash Drives with and without this option, with the exact same output in /etc/mtab and when using mount --show-labels, in the minutest detail. This might be different with other file systems.


Update 1: umount also provides this option, where both the man and info pages say:

--no-canonicalize Don't canonicalize paths. For more details about this option see the mount(8) man page

1 Answer

The canonicalization refers to the device path. So you say:

I was just able to mount USB Flash Drives with and without this option, with the exact same output in /etc/mtab

But did you try this?

    cd /dev
    mount --no-canonicalize sdb1 /mnt/usb

The listing in mtab will start with just "sdb1". Without --no-canonicalize, it would be /dev/sdb1. Also:

    ln -s /dev/sdb1 ~/mydev
    cd ~
    mount --no-canonicalize mydev /mnt/usb

The mtab listing will be for "mydev", whereas without --no-canonicalize it will be for /dev/sdb1.

Not sure what that has to do with unmounting via a symlink attack on unprivileged mounts, but it does allow for obscuring paths in the publicly accessible /etc/mtab. It is hard to symlink something if you don't have a canonical (or any) path for it.

  • As logical and good as it sounds, it doesn't work for me. I get the same results with[out] no-canonicalize. Commented Aug 17, 2013 at 19:51
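
The man page text quoted in the question says the option is meant for "already canonicalized absolute paths". The following is an added example, not part of the original question or answer: a wrapper resolves each path exactly once, checks the result, and only then builds a command line with --no-canonicalize so the path is not resolved a second time. The function names are hypothetical, regular files in a temporary directory stand in for /dev/sdb1 and the mount point, and nothing is actually mounted.

```shell
#!/bin/sh
# Added example (not from the original post). Nothing here calls mount(8);
# the command line is only printed for inspection.

# resolve_once PATH: print the canonical form of an existing path
# (absolute, symlinks followed, no "." or ".." components).
resolve_once() {
    [ -e "$1" ] || return 1
    readlink -f -- "$1"
}

# is_canonical PATH: succeed only if PATH is absolute and already equal to
# its canonical form, i.e. safe to pass along with --no-canonicalize.
is_canonical() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    resolved=$(resolve_once "$1") || return 1
    [ "$resolved" = "$1" ]
}

# plan_mount SOURCE TARGET: resolve both paths once and print the command a
# wrapper would run, so the tool does not resolve them again later.
plan_mount() {
    src=$(resolve_once "$1") || return 1
    dst=$(resolve_once "$2") || return 1
    printf "mount --no-canonicalize '%s' '%s'\n" "$src" "$dst"
}

# make_fixture: build constructed sample paths mirroring the answer's cases:
# a stand-in "device" file, a symlink to it, and a mount point directory.
make_fixture() {
    d=$(readlink -f -- "$(mktemp -d)") || return 1
    mkdir "$d/dev" "$d/mnt"
    : > "$d/dev/sdb1"
    ln -s "$d/dev/sdb1" "$d/mydev"
    printf '%s\n' "$d"
}

# Stand-alone demo: the symlink is replaced by its target in the output.
fx=$(make_fixture) && plan_mount "$fx/mydev" "$fx/mnt" && rm -rf "$fx"
```

A relative name such as sdb1 or a symlink such as mydev fails is_canonical, which is the case where the canonicalized and non-canonicalized forms of the path differ.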
