On Tue, 2008-02-05 at 18:05 +0100, Thorsten Leemhuis wrote: > On 05.02.2008 17:10, Peter Lemenkov wrote: > > > > Due to landing of upcoming Gnome release in Fedora 9 I decided to drop > > fuse group. > > > > The main reason is that future Gnome VFS will use fuse as a backend, > > and we wil be forced to add all users into fuse group (if we allow > > them to use Gnome VFS) what will made the existence of fuse group > > useless.. > > > > Any objections? > > Well, when I got fuse integrated into Fedora several well-known and > long-term Red Hat/Fedora developers said "it needs a security audit > before we drop the fuse group". Not that long ago when we discussed > > https://bugzilla.redhat.com/show_bug.cgi?id=298651 > http://secunia.com/advisories/26938/ > > I heard that once or twice again. Those bugs are not about fuse at all. They are about someone making the ntfs-3g binary setuid which is completely wrong (i.e. that means any fuse user could read any block device with an NTFS partition on it). Generally fuse mounts run as a user and has no access to anything that the user can't already do. The only part where the setuid thing is needed is for actually mounting the fuse filesysem. This is a small bit of code that was designed by upstream to be reviewable and secure. Now, its true that there is a small bit of setuid code, and it *could* have a bug in there. However, if that is the case we need to fix that even if we limit use of fuse to the fuse group. Especially now that fuse is getting more and more use so that most desktop users will want to be in that group. If you truly fear fuse, security-wise, the best thing to do is to not install it. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
