On Friday 08 February 2008 07:26:53 Alexander Larsson wrote:
> On Thu, 2008-02-07 at 10:29 -0500, Steve Grubb wrote:
> > > Now, Gnome (and many other things) start using fuse because it lets you
> > > implement very desirable features.
> >
> > What are these desirable features? Just curious since I may wind up doing
> > a lot of code review.
>
> There are many cases where you as a user want to access and/or modify
> something that contains files.

Which brings up something, I spent the last 3 years getting the audit system working everywhere. Does filesystem auditing still work under fuse? When a user mounts a filesystem, is that auditable? Does fuse support extended attributes, and is SE Linux enforcement still working correctly?

> However most apps don't use these interfaces so they can't access files
> like this. The standard way to access files is through the syscall
> interface, and then things must be mounted, meaning the implementation
> generally lives in the kernel with all the issues related to that.

And the protection to the system enforced by the kernel. :)

> Some things like loopback mounting an iso is possible, but requires root
> access, even if the file is readable by the user. Other things are just
> not possible.

Which is sensible. Remember my fsfuzzer tool? It's found some flaws in filesystems that could be exploitable with some work. I have not yet had the time to fuzz fuse since it's never really been seriously considered for any of our work.

> However, with fuse these things can be solved. The filesystem
> implementation runs as the user, and user syscalls are proxied to the
> filesystem process via a pipe.

You cannot do auditing from userspace very well. It requires CAP_AUDIT_WRITE and maybe some other permissions.

> This means that anything "filesystem like" that can be accessed from
> userspace can be accessed by all applications. So, for instance, you can get
> things like remote filesystem access via ssh, easily mountable network
> filesystems (smb, ftp, nfs) and user-mountable loopback mounts.

But we already have things like that with auditing and security checks in place. :)

-Steve