Re: [RFC] FUSE permission modell (Was: fuse review bits)

From: Jamie Lokier
Date: Tue Apr 12 2005 - 11:08:04 EST

Next message: Vojtech Pavlik: "Re: set keyboard repeat rate: EVIOCGREP and EVIOCSREP"
Previous message: akpm: "[patch 172/198] IB/mthca: print assigned IRQ when interrupt test fails"
In reply to: Frank Sorenson: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
Next in thread: Anton Altaparmakov: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Frank Sorenson wrote:
> > That does not make sense.
> >
> > Are you saying you cannot trust your own sshfs userspace daemon?
>
> The user who wrote the userspace code may be able to, but the system
> shouldn't trust the userspace daemon. Permissions will be enforced by
> the ssh server.

In fact that's wrong. Although permissions are enforced by the ssh
server, the server assumes that once a conncection is established, all
requests on it are from the same originating user. The server is not
able to check which user is accessing the files on the client machine
- which is why Miklos wants/needs restrictive permissions on the
client machine too.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vojtech Pavlik: "Re: set keyboard repeat rate: EVIOCGREP and EVIOCSREP"
Previous message: akpm: "[patch 172/198] IB/mthca: print assigned IRQ when interrupt test fails"
In reply to: Frank Sorenson: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
Next in thread: Anton Altaparmakov: "Re: [RFC] FUSE permission modell (Was: fuse review bits)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]