Re: [fuse-devel] [PATCH v4 4/5] fuse: Support privileged xattrs only with a mount option

From: Andy Lutomirski
Date: Tue Oct 21 2014 - 17:45:15 EST

Next message: Darren Hart: "Re: [PATCH v4 00/13] Add ACPI _DSD and unified device properties? support"
Previous message: Darren Hart: "Re: [PATCH RFC] platform: hp_accel: add a i8042 filter to remove accelerometer data"
In reply to: Michael j Theall: "Re: [fuse-devel] [PATCH v4 4/5] fuse: Support privileged xattrs only with a mount option"
Next in thread: Seth Forshee: "Re: [fuse-devel] [PATCH v4 4/5] fuse: Support privileged xattrs only with a mount option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 21, 2014 at 2:34 PM, Michael j Theall <mtheall@xxxxxxxxxx> wrote:
> Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote on 10/21/2014 04:27:13 PM:
>> But how does this help with FUSE at all? Does FUSE end up calling
>> xattr_permission?
>>
>> --Andy
>>
>
> The xattr system calls go through xattr_permission before it ever gets to
> the FUSE ops.

But a malicious FUSE filesystem can just put those xattrs there by
fiat, the same way that my old FUSE-based sploit put a setuid root
copy of bash in the filesystem. No setxattr calls are needed.

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Darren Hart: "Re: [PATCH v4 00/13] Add ACPI _DSD and unified device properties? support"
Previous message: Darren Hart: "Re: [PATCH RFC] platform: hp_accel: add a i8042 filter to remove accelerometer data"
In reply to: Michael j Theall: "Re: [fuse-devel] [PATCH v4 4/5] fuse: Support privileged xattrs only with a mount option"
Next in thread: Seth Forshee: "Re: [fuse-devel] [PATCH v4 4/5] fuse: Support privileged xattrs only with a mount option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]