Re: [PATCH v5] fuse: Add support for passthrough read/write

[Nikhilesh Reddy]

Hi
Thanks for your review again :)
> Uh... how do you know at this point that the file is actually writable?
> Normally, e.g. vfs_write() will ensure that the file is writable, and
> e.g. generic_file_write_iter() won't check for writability as far as I
> can tell. This might allow someone to use the passthrough mechanism to
> overwrite a file he is only allowed to read, but not write, like
> /etc/passwd.

I considered adding the checks ( the same ones that VFS does)  but not 
sure if we need to.
So the user will need to construct a fuse filesystem ( that opens for 
O_READONLY even though the user asks for a O_RDWR from the FUSE open) 
and then mount it , with CAP_SYS_ADMIN  for which you need to be root 
but  once he has that he should be able to easily get to the files 
without needing to go through FUSE  right using CAP_DAC_OVERRIDE?

Am i missing something? Please do help me understand.

But yes if really needed I can add additional checks once i understand it


> Also, I think this might bypass mandatory locks, the
> security_file_permission hook (which seems like a bad idea anyway
> though), inotify/fsnotify and sb_start_write.
Can you please elaborate/clarify further? I am am not sure what you mean.


Again thanks for your reviews :)
Appreciate your help
--
Thanks
Nikhilesh Reddy

Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.