Seth Forshee <seth.forshee@xxxxxxxxxxxxx> wrote on 10/14/2014 09:25:55 AM: > From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> > To: Miklos Szeredi <miklos@xxxxxxxxxx> > Cc: fuse-devel@xxxxxxxxxxxxxxxxxxxxx, "Serge H. Hallyn" > <serge.hallyn@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, Seth > Forshee <seth.forshee@xxxxxxxxxxxxx>, "Eric W. Biederman" > <ebiederm@xxxxxxxxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx > Date: 10/14/2014 09:27 AM > Subject: [fuse-devel] [PATCH v4 4/5] fuse: Support privileged xattrs > only with a mount option > > Allowing unprivileged users to provide arbitrary xattrs via fuse > mounts bypasses the normal restrictions on setting xattrs. Such > mounts should be restricted to reading and writing xattrs in the > user.* namespace. > Can you explain how the normal restrictions on setting xattrs are bypassed? My filesystem still needs security.* and system.*, and it looks like xattr_permission already prevents non-privileged users from accessing trusted.* > It's difficult though to tell whether a mount is being performed > on behalf of an unprivileged user since fuse mounts are ususally > done via a suid root helper. Thus a new mount option, > privileged_xattrs, is added to indicated that xattrs from other > namespaces are allowed. This option can only be supplied by > system-wide root; supplying the option as an unprivileged user > will cause the mount to fail. I can't say I'm convinced that this is the right direction to head. Regards, Michael Theall -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
