On Tue, 27 Sept 2022 at 01:18, Daniel Rosenberg <drosen@xxxxxxxxxx> wrote:
> diff --git a/include/uapi/linux/fuse.h b/include/uapi/linux/fuse.h
> index d6ccee961891..8c80c146e69b 100644
> --- a/include/uapi/linux/fuse.h
> +++ b/include/uapi/linux/fuse.h
> @@ -572,6 +572,17 @@ struct fuse_entry_out {
> struct fuse_attr attr;
> };
>
> +#define FUSE_ACTION_KEEP 0
> +#define FUSE_ACTION_REMOVE 1
> +#define FUSE_ACTION_REPLACE 2
> +
> +struct fuse_entry_bpf_out {
> + uint64_t backing_action;
> + uint64_t backing_fd;
This is a security issue. See this post from Jann:
https://lore.kernel.org/all/CAG48ez17uXtjCTa7xpa=JWz3iBbNDQTKO2hvn6PAZtfW3kXgcA@xxxxxxxxxxxxxx/
The fuse-passthrough series solved this by pre-registering the
passthrogh fd with an ioctl. Since this requires an expicit syscall on
the server side the attack is thwarted.
It would be nice if this mechanism was agreed between these projects.
BTW, does fuse-bpf provide a superset of fuse-passthrough? I mean
could fuse-bpf work with a NULL bpf program as a simple passthrough?
Thanks,
Miklos
