Re: [PATCH] private mounts

From: Miklos Szeredi
Date: Wed Apr 27 2005 - 09:48:28 EST

Next message: Paul Jackson: "Re: [PATCH 1a/7] dlm: core locking"
Previous message: Jamie Lokier: "Re: [PATCH] private mounts"
In reply to: Jamie Lokier: "Re: [PATCH] private mounts"
Next in thread: Miklos Szeredi: "Re: [PATCH] private mounts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Why, exactly, is this check in the kernel and not the FUSE daemon?
>
> Someone said the FUSE daemon knows which user is making filesystem
> requests, and can therefore do this. Is it true?

Yes.

The check is in the kernel, because otherwise it couldn't be enforced.

It is not there for the purpose of protecting user's data. Rather for
protecting other users (including root) from unknowingly entering the
FUSE directory and thus leaking otherwise inaccessible information
(exact file operations performed) to the mount owner.

It's probably not a great security risk, but it's better to be safe
than sorry. If a sysadmin decides, it's not problematic, he can
relax this by

echo user_allow_other >> /etc/fuse.conf

Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Jackson: "Re: [PATCH 1a/7] dlm: core locking"
Previous message: Jamie Lokier: "Re: [PATCH] private mounts"
In reply to: Jamie Lokier: "Re: [PATCH] private mounts"
Next in thread: Miklos Szeredi: "Re: [PATCH] private mounts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]