> > - I don't recall seeing an exhaustive investigation of how an
> > unprivileged user could use a FUSE mount to implement DoS attacks against
> > other users or against root.
>
> You say
>
> "If a sysadmin trusts the users enough, or can ensure through other
> measures, that system processes will never enter non-privileged mounts,
> it can relax the last limitation with a "user_allow_other" config
> option. If this config option is set, the mounting user can add the
> "allow_other" mount option which disables the check for other users'
> processes."
>
> What config option, where?
Currently that's a userspace issue. There's a /etc/fuse.conf file,
with two options:
max_mounts=X
user_allow_other
The fusermount helper reads this file, and decides if passing the
'allow_other' mount option to the kernel is OK or not.
If we want unprivileged sys_mount() these will have to be checked in
kernel (set via sysfs, etc).
Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |