Anton Altaparmakov <[email protected]> wrote:
>
> On Thu, 2005-06-30 at 12:20 +0200, Arjan van de Ven wrote:
> > On Thu, 2005-06-30 at 12:12 +0200, Miklos Szeredi wrote:
> > > > if you are so interested in getting fuse merged... why not merge it
> > > > first with the security stuff removed entirely. And then start
> > > > discussing putting security stuff back in ?
> > >
> > > a) it's already been discussed to death (just search for 'fuse' on
> > > lkml and fsdevel)
> > >
> > > b) I don't consider it a good idea to ship a defunct version of it in
> > > the mainline
> > >
> > > Can you please accept my wish to have FUSE merged _with_ the
> > > unprivileged mount's thing.
> >
> > By the same argument:
> > Then can you please accept that FUSE will not get merged right now.
>
> Why should he? IMNSHO it should be merged right now with the security
> stuff. FUSE works as is. Without the security stuff FUSE is useless.
>
> I have yet to read even a single constructive argument why it should not
> be merged as is.
I believe that the requirement which fuse_allow_task() attempts to satisfy
is legitimate and is useful to FUSE users.
The fact that, AFAIK, nobody as found a way to implement it more nicely is
a Linux problem, not a FUSE problem.
Given that the actual amount of code involved is small, centralised and
well known about we can easily fix it up later if/when new infrastructure
or new ideas become available.
So unless someone is able to come up with a better approach in the next few
days I'm inclined to say "we suck" and merge the thing as-is.
However, a few things:
- is there anything in the current implementation of the permission stuff
which might tie our hands if it is later reimplemented? IOW: does the
current FUSE user interface in any way lock us into the current FUSE
implementation (fuse_allow_task())?
- the fuse mount options don't seem to be documented
- aren't we going to remove the nfs semi-server feature?
- Frank points out that a user can send a sigstop to his own setuid(0)
task and he intimates that this could cause DoS problems with FUSE. More
details needed please?
- I don't recall seeing an exhaustive investigation of how an
unprivileged user could use a FUSE mount to implement DoS attacks against
other users or against root.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]