Re: [PATCH v5] fuse: Add support for passthrough read/write

Hi
Thanks for your review again :)

> Uh... how do you know at this point that the file is actually writable?
> Normally, e.g. vfs_write() will ensure that the file is writable, and
> e.g. generic_file_write_iter() won't check for writability as far as I
> can tell. This might allow someone to use the passthrough mechanism to
> overwrite a file he is only allowed to read, but not write, like
> /etc/passwd.

I considered adding the checks (the same ones that VFS does) but am not sure if we need to. So the user will need to construct a FUSE filesystem (that opens for O_READONLY even though the user asks for O_RDWR from the FUSE open) and then mount it, with CAP_SYS_ADMIN, for which you need to be root, but once he has that he should be able to easily get to the files without needing to go through FUSE, right, using CAP_DAC_OVERRIDE?

Am I missing something? Please do help me understand.

But yes, if really needed I can add additional checks once I understand it.



> Also, I think this might bypass mandatory locks, the
> security_file_permission hook (which seems like a bad idea anyway
> though), inotify/fsnotify and sb_start_write.

Can you please elaborate/clarify further? I am not sure what you mean.


Again thanks for your reviews :)
Appreciate your help
--
Thanks
Nikhilesh Reddy

Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project.