On Fri, Jul 01, 2005 at 07:04:50PM +0200, Miklos Szeredi wrote:
> I'm not saying this is a problem, but also I don't see any
> overwhelming reason to not allow user mounts over non-leaf
> directories.
All things considered I'd still prefer forbidding FUSE mounts on non-leaf
dirs. For name space sanity. And it may be easier to get the whole thing
accepted:
- One could argue that the existing name space is extended rather than
changed [for a subset of processes], what Al Viro seems to reject.
- The processes which cannot be ptraced/sent a signal by the mount
owner are not "forced" to traverse the FUSE mount for the sake of
name space invariancy, with all associated security problems: they
can see everything up to the leaf node of all the usual mounts.
But put otherwise: is there a compelling reason to permit FUSE mounts on
non-leaf nodes?
Can FUSE mount on a file like NFS?
What is your opinion about replacing the ptrace check by a signal check
(later on, no hurry)?
--
Frank
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
| |
 |