Re: [PATCH] private mounts

From: Miklos Szeredi
Date: Wed Apr 27 2005 - 09:48:28 EST


> Why, exactly, is this check in the kernel and not the FUSE daemon?
>
> Someone said the FUSE daemon knows which user is making filesystem
> requests, and can therefore do this. Is it true?

Yes.

The check is in the kernel, because otherwise it couldn't be enforced.

It is not there for the purpose of protecting user's data. Rather for
protecting other users (including root) from unknowingly entering the
FUSE directory and thus leaking otherwise inaccessible information
(exact file operations performed) to the mount owner.

It's probably not a great security risk, but it's better to be safe
than sorry. If a sysadmin decides, it's not problematic, he can
relax this by

echo user_allow_other >> /etc/fuse.conf

Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/