Re: -mm -> 2.6.13 merge status (fuse)

[Pavel Machek]

Hi!

> > > >     This is useful, but there are, AFAIK, two issues:
> > > > 
> > > >     - We're still deadlocked over some permission-checking hacks in there
> > > 
> > > Oh, god.  Let me try to explain this again:
> > > 
> > >   - This is a security issue with unprivileged mounts
> > 
> > Pretty please, just merge it without unpriviledged mounts. I see
> > they are usefull, but they are too strange for now.
> 
> An emotional argument again.  What's "strange" about it?

Not so emotional argument...

System where users can mount their own filesystems should not be
called "Unix" any more. It introduces new mechanism, similar to
ptrace. It restricts root in ways not seen before. How is
updatedb/locate supposed to work on system with this? How is it going
to interact with backup tools? 

Add this to your A): "by tricking some interpretter to think script is
setuid".

> You have a choice of: 1) believe me that the current solution is
> fine

>  2) get down and try to understand the damn thing, and then come up
>     with technical arguments for/against it

Argument is "it is **** ugly".

Your fuse.txt explains why it is not security hole. It does not
explain why your interface is the best possible, and what alternative
ways of "not security hole" exist.

								Pavel
-- 
teflon -- maybe it is a trademark, but it should not be.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/