From: Andrew Morton <akpm@osdl.org>
To: aia21@cam.ac.uk, arjan@infradead.org, miklos@szeredi.hu,
linux-kernel@vger.kernel.org, frankvm@frankvm.com
Subject: Re: FUSE merging?
Date: Thu, 30 Jun 2005 13:00:27 -0700 [thread overview]
Message-ID: <20050630130027.2ea25dfa.akpm@osdl.org> (raw)
In-Reply-To: <20050630124622.7c041c0b.akpm@osdl.org>
Andrew Morton <akpm@osdl.org> wrote:
>
> However, a few things:
>
> - is there anything in the current implementation of the permission stuff
> which might tie our hands if it is later reimplemented? IOW: does the
> current FUSE user interface in any way lock us into the current FUSE
> implementation (fuse_allow_task())?
>
> - the fuse mount options don't seem to be documented
>
> - aren't we going to remove the nfs semi-server feature?
>
> - Frank points out that a user can send a sigstop to his own setuid(0)
> task and he intimates that this could cause DoS problems with FUSE. More
> details needed please?
>
> - I don't recall seeing an exhaustive investigation of how an
> unprivileged user could use a FUSE mount to implement DoS attacks against
> other users or against root.
You say
"If a sysadmin trusts the users enough, or can ensure through other
measures, that system processes will never enter non-privileged mounts,
it can relax the last limitation with a "user_allow_other" config
option. If this config option is set, the mounting user can add the
"allow_other" mount option which disables the check for other users'
processes."
What config option, where?
next prev parent reply other threads:[~2005-06-30 20:34 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-06-30 9:19 FUSE merging? Miklos Szeredi
2005-06-30 9:27 ` Andrew Morton
2005-06-30 9:51 ` Miklos Szeredi
2005-06-30 10:00 ` Arjan van de Ven
2005-06-30 10:12 ` Miklos Szeredi
2005-06-30 10:20 ` Arjan van de Ven
2005-06-30 10:24 ` Miklos Szeredi
2005-06-30 19:39 ` Avuton Olrich
2005-07-01 6:23 ` Miklos Szeredi
2005-06-30 11:13 ` Anton Altaparmakov
2005-06-30 19:46 ` Andrew Morton
2005-06-30 20:00 ` Andrew Morton [this message]
2005-07-01 6:40 ` Miklos Szeredi
2005-06-30 22:28 ` Frank van Maarseveen
2005-07-01 6:58 ` Miklos Szeredi
2005-07-01 9:24 ` Frank van Maarseveen
2005-07-01 10:27 ` Miklos Szeredi
2005-07-01 12:00 ` Frank van Maarseveen
2005-07-01 12:36 ` Miklos Szeredi
2005-07-01 13:05 ` Frank van Maarseveen
2005-07-01 13:21 ` Miklos Szeredi
2005-07-01 15:20 ` Frank van Maarseveen
2005-07-01 17:04 ` Miklos Szeredi
2005-07-01 18:04 ` Frank van Maarseveen
2005-07-01 19:35 ` Jeremy Maitin-Shepard
2005-07-02 14:49 ` Miklos Szeredi
2005-07-02 16:00 ` Frank van Maarseveen
2005-07-03 6:16 ` Miklos Szeredi
2005-07-03 11:25 ` Frank van Maarseveen
2005-07-03 13:24 ` Miklos Szeredi
2005-07-03 13:50 ` Frank van Maarseveen
2005-07-03 14:03 ` Miklos Szeredi
2005-07-03 14:10 ` FUSE merging? (2) Frank van Maarseveen
2005-07-03 15:47 ` Miklos Szeredi
2005-07-03 19:36 ` Frank van Maarseveen
2005-07-04 8:56 ` Miklos Szeredi
2005-07-04 9:59 ` Frank van Maarseveen
2005-07-04 10:27 ` Miklos Szeredi
2005-07-04 11:26 ` Frank van Maarseveen
2005-07-01 6:36 ` FUSE merging? Miklos Szeredi
2005-07-01 6:50 ` Andrew Morton
2005-07-01 7:07 ` Miklos Szeredi
2005-07-01 7:14 ` Andrew Morton
2005-07-01 7:27 ` Miles Bader
2005-07-01 7:38 ` Miklos Szeredi
2005-07-01 8:02 ` Andrew Morton
2005-07-01 10:11 ` Miklos Szeredi
2005-07-01 11:29 ` Andrew Morton
2005-07-01 12:00 ` Miklos Szeredi
2005-07-01 12:53 ` Anton Altaparmakov
2005-07-01 13:07 ` Anton Altaparmakov
2005-07-01 13:51 ` Frank van Maarseveen
2005-07-01 13:29 ` Eric Van Hensbergen
2005-07-01 16:45 ` Matthias Urlichs
2005-07-01 12:08 ` Frank van Maarseveen
2005-07-01 13:21 ` Eric Van Hensbergen
2005-07-01 13:53 ` Miklos Szeredi
2005-07-01 14:18 ` Eric Van Hensbergen
2005-07-01 14:31 ` Miklos Szeredi
2005-07-02 10:01 ` Eric W. Biederman
2005-07-02 14:58 ` Miklos Szeredi
2005-07-02 16:43 ` Eric Van Hensbergen
2005-07-02 17:33 ` Eric W. Biederman
2005-07-03 19:39 ` Pavel Machek
2005-07-04 8:38 ` Miklos Szeredi
[not found] ` <20050704084900.GG15370@elf.ucw.cz>
2005-07-04 9:02 ` Miklos Szeredi
2005-07-04 10:46 ` Pekka Enberg
2005-07-01 12:37 ` bert hubert
2005-07-01 7:46 ` Frederik Deweerdt
2005-07-01 9:47 ` Miklos Szeredi
2005-07-01 9:36 ` Frank van Maarseveen
2005-07-01 10:45 ` Miklos Szeredi
2005-07-01 11:34 ` Frank van Maarseveen
2005-06-30 10:16 ` Miklos Szeredi
2005-06-30 16:30 ` Pavel Machek
-- strict thread matches above, loose matches on Subject: below --
2005-09-02 22:02 Miklos Szeredi
2005-09-02 22:34 ` Andrew Morton
2005-09-03 0:34 ` Kasper Sandberg
2005-09-03 5:31 ` Miklos Szeredi
2005-09-03 6:40 ` Andrew Morton
2005-09-03 7:23 ` Miklos Szeredi
2005-09-03 13:29 ` Eric Van Hensbergen
2005-09-03 14:20 ` Miklos Szeredi
2005-09-03 15:01 ` Eric Van Hensbergen
2005-09-03 15:38 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050630130027.2ea25dfa.akpm@osdl.org \
--to=akpm@osdl.org \
--cc=aia21@cam.ac.uk \
--cc=arjan@infradead.org \
--cc=frankvm@frankvm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.