On Sat, Oct 6, 2012 at 7:42 PM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote: > Eric Paris <eparis@xxxxxxxxxxxxxx> writes: > >> Why trust uids or rwx bits. Might as well do away with those as well, >> right? > > Lying to your own userspace processes (which you can do with LD_PRELOAD) > is rather different than lying to the selinux or the smack modules. > > What I am saying with my patch is that fuse is remarkably non-nuanced > in how it interacts with extended attributes, and that it appears > very clear that there are bugs in the area of unprivileged mounts that > need to be addressed. > > I am happy to hear about better solutions. Telling me it's not a bug > and sticking your head in the sand is quite amusing. I'm not sure how to fix it. But breaking things that do work today for untrusted user mounts isn't right or acceptable. Maybe serge is onto something. Or maybe the best solution is to require LSM policy to just disallow all unpriv (from init namespace PoV) mounts. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
