Seth Forshee <[email protected]> wrote on 10/14/2014 09:25:55 AM:
> From: Seth Forshee <[email protected]> > To: Miklos Szeredi <[email protected]> > Cc: [email protected], "Serge H. Hallyn" > <[email protected]>, [email protected], Seth > Forshee <[email protected]>, "Eric W. Biederman" > <[email protected]>, [email protected] > Date: 10/14/2014 09:27 AM > Subject: [fuse-devel] [PATCH v4 4/5] fuse: Support privileged xattrs > only with a mount option > > Allowing unprivileged users to provide arbitrary xattrs via fuse > mounts bypasses the normal restrictions on setting xattrs. Such > mounts should be restricted to reading and writing xattrs in the > user.* namespace. > Can you explain how the normal restrictions on setting xattrs are bypassed? My filesystem still needs security.* and system.*, and it looks like xattr_permission already prevents non-privileged users from accessing trusted.* > It's difficult though to tell whether a mount is being performed > on behalf of an unprivileged user since fuse mounts are ususally > done via a suid root helper. Thus a new mount option, > privileged_xattrs, is added to indicated that xattrs from other > namespaces are allowed. This option can only be supplied by > system-wide root; supplying the option as an unprivileged user > will cause the mount to fail. I can't say I'm convinced that this is the right direction to head. Regards, Michael Theall -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
