Re: [PATCH v3 4/4] fuse: define the filesystem as untrusted

Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> writes:

> On Wed, 2018-03-14 at 08:52 +0100, Stef Bon wrote:
>> I do not have any comments about the patches but a question.
>> I completely agree that the files can change without the VFS knowing
>> about it, but isn't that in general the case with filesystems with a
>> backend shared with others (network fs's?).
>
> Right, the problem is not limited to fuse, but needs to be addressed
> before unprivileged fuse mounts are upstreamed.
>
> Alban's response to this question:
> https://marc.info/?l=linux-kernel&m=151784020321045&w=2

Which goes to why it is a flag that gets set.

All of this just needs a follow-up patch to update every filesystem
that does not meet ima's requirements.

Mimi, I believe you said that the requirement is that all file changes
can be detected through the final __fput of a file that calls
ima_file_free.

Eric


