Michael j Theall <[email protected]> writes: > Seth Forshee <[email protected]> wrote on 10/14/2014 09:25:55 AM: > >> From: Seth Forshee <[email protected]> >> To: Miklos Szeredi <[email protected]> >> Cc: [email protected], "Serge H. Hallyn" >> <[email protected]>, [email protected], Seth >> Forshee <[email protected]>, "Eric W. Biederman" >> <[email protected]>, [email protected] >> Date: 10/14/2014 09:27 AM >> Subject: [fuse-devel] [PATCH v4 4/5] fuse: Support privileged xattrs >> only with a mount option >> >> Allowing unprivileged users to provide arbitrary xattrs via fuse >> mounts bypasses the normal restrictions on setting xattrs. Such >> mounts should be restricted to reading and writing xattrs in the >> user.* namespace. >> > > Can you explain how the normal restrictions on setting xattrs are > bypassed?
If the fuse server is not run by root. Which is a large part of the point of fuse. > My filesystem still needs security.* and system.*, and it looks like > xattr_permission already prevents non-privileged users from accessing > trusted.* If the filesystem is mounted with nosuid (typical of a non-privileged mount of fuse) then the security.* attributes are ignored. >> It's difficult though to tell whether a mount is being performed >> on behalf of an unprivileged user since fuse mounts are ususally >> done via a suid root helper. Thus a new mount option, >> privileged_xattrs, is added to indicated that xattrs from other >> namespaces are allowed. This option can only be supplied by >> system-wide root; supplying the option as an unprivileged user >> will cause the mount to fail. > > I can't say I'm convinced that this is the right direction to head. With respect to defaults we could keep the current default if you have the global CAP_SYS_ADMIN privilege when the mount takes place and then avoid breaking anything. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
