Re: [PATCH] private mounts

> Why, exactly, is this check in the kernel and not the FUSE daemon?
> 
> Someone said the FUSE daemon knows which user is making filesystem
> requests, and can therefore do this.  Is it true?

Yes.

The check is in the kernel, because otherwise it couldn't be enforced.

It is not there for the purpose of protecting user's data.  Rather for
protecting other users (including root) from unknowingly entering the
FUSE directory and thus leaking otherwise inaccessible information
(exact file operations performed) to the mount owner.

It's probably not a great security risk, but it's better to be safe
than sorry.  If a sysadmin decides it's not problematic, he can
relax this by

  echo user_allow_other >> /etc/fuse.conf

Miklos
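
An added audit example, not part of the original message: it checks whether `user_allow_other` is active in a fuse.conf file and lists FUSE mounts that carry the `allow_other` option, which is where other users' file operations become visible to the mount owner. The function names and the sample files are constructed for illustration; on a live system pass `/etc/fuse.conf` and `/proc/mounts`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, sample data is constructed.

# Exit 0 if the config has an active (uncommented) user_allow_other line.
fuse_conf_allows_other() {
    grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*$' "$1"
}

# Print "mountpoint owner_uid" for each FUSE mount that carries allow_other.
# Input is in /proc/mounts format: device mountpoint fstype options dump pass
list_allow_other_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        case "$fstype" in
            fuse|fuse.*|fuseblk|fuseblk.*) ;;   # fusectl is not a user mount
            *) continue ;;
        esac
        case ",$opts," in
            *,allow_other,*) ;;
            *) continue ;;
        esac
        uid=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^user_id=//p')
        printf '%s %s\n' "$mnt" "${uid:-unknown}"
    done < "$1"
}

# Constructed sample input so the script runs offline.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
cat > "$sample/fuse.conf" <<'EOF'
# Constructed sample of /etc/fuse.conf
#user_allow_other
user_allow_other
EOF
cat > "$sample/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
sshfs#alice@host: /home/alice/remote fuse.sshfs rw,nosuid,nodev,user_id=1000,group_id=1000 0 0
sshfs#bob@host: /srv/shared fuse.sshfs rw,nosuid,nodev,user_id=1001,group_id=1001,allow_other 0 0
EOF

if fuse_conf_allows_other "$sample/fuse.conf"; then
    echo "user_allow_other is set: non-root users may mount with allow_other"
fi
echo "FUSE mounts open to other users (mountpoint, owner uid):"
list_allow_other_mounts "$sample/mounts"
```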