Re: [RFC] FUSE permission modell (Was: fuse review bits)

> > 
> >   1) Only allow mount over a directory for which the user has write
> >      access (and is not sticky)
> > 
> >   2) Use nosuid,nodev mount options
> > 
> > [ parts deleted ]
> 
> Do these solve all the security concerns with unprivileged mounts, or
> are there other barriers/concerns?  Should there be ulimit (or rlimit)
> style restrictions on how many mounts/binds a user is allowed to have
> to prevent users from abusing mount privs?

Currently there is a (configurable) global limit for all non-root FUSE
mounts.  An additional per-user limit would be nice, but from the
security standpoint it doesn't matter.

> I was thinking about this a while back and thought having a user-mount
> permissions file might be the right way to address lots of these
> issues.  Essentially it would contain information about what
> users/groups were allowed to mount what sources to what destinations
> and with what mandatory options.

I haven't yet seen the need for such a great flexibility.  Debian
installs fusermount (the FUSE mount utility) "-rwsr-x--- root fuse",
so only users in the "fuse" group are allowed to use it.  This is sane
for a new technology, but I expect these limitations to be removed
once it establishes itself as a secure solution.

> You can get the start of this with the user/users/etc. stuff in
> /etc/fstab, but I was envisioning something a bit more dynamic with
> regular expression based rules for sources and destinations.   So,
> something like:

[snip]

> Is this unnecessary?  Is this not enough?

Maybe it is necessary, but why bother until somebody actually wants
it?  I'm a great believer of the "lazy" development philosophy ;)

Thanks,
Miklos