On Sun, 16 Oct 2022 at 19:00, Simon Thoby <work.viveris@xxxxxxxxxxxxx> wrote:
>
> Commit 4ad769f3c346ec3d458e255548dec26ca5284cf6 ("fuse: Allow fully
> unprivileged mounts") enabled mounting filesystems with the 'fuse' type for
> any user with CAP_SYS_ADMIN inside their respective user namespace, but did
> not do so for the 'fuseblk' filesystem type.
>
> Some FUSE filesystems implementations - like ntfs-3g - prefer using
> 'fuseblk' over 'fuse', which imply unprivileged users could not use these
> tools - in their "out-of-the-box" configuration, as these tools can always
> be patched to use the 'fuse' filesystem type to circumvent the problem.
>
> Enable unprivileged mounts for the 'fuseblk' type, thus uniformizing the
> behavior of the two FUSE filesystem types.
>
> Signed-off-by: Simon Thoby <work.viveris@xxxxxxxxxxxxx>
NAK in this form.
Please look at all the places where there's a difference between the
fuse and the fuseblk behavior and give proof that they won't result in
a security issue in case fuseblk is mounted unprivileged.
As a possibly much better alternative, try modifying the ntfs-3g code
to be able to work using the "fuse" fs type as well.
Thanks,
Miklos
fuseblk enables synchronouse RELEASE and DESTROY requests that are
unsuitable for unprivileged operation.
Thanks,
Miklos
