> Why, exactly, is this check in the kernel and not the FUSE daemon?
>
> Someone said the FUSE daemon knows which user is making filesystem
> requests, and can therefore do this. Is it true?
Yes.
The check is in the kernel, because otherwise it couldn't be enforced.
It is not there for the purpose of protecting user's data. Rather for
protecting other users (including root) from unknowingly entering the
FUSE directory and thus leaking otherwise inaccessible information
(exact file operations performed) to the mount owner.
It's probably not a great security risk, but it's better to be safe
than sorry. If a sysadmin decides, it's not problematic, he can
relax this by
echo user_allow_other >> /etc/fuse.conf
Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]