From: Tejun Heo <tj@kernel.org>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: fuse-devel@lists.sourceforge.net, greg@kroah.com,
linux-kernel@vger.kernel.org
Subject: Re: [PATCHSET] FUSE: extend FUSE to support more operations
Date: Thu, 13 Nov 2008 20:29:36 +0900 [thread overview]
Message-ID: <491C0FA0.5070500@kernel.org> (raw)
In-Reply-To: <E1L0aEn-0006dh-BK@pomaz-ex.szeredi.hu>
Hello,
Miklos Szeredi wrote:
> Not with '-oallow_other'. Consider the case that the caller invoked a
> non well formed ioctl, but since there's no way to know this we
> allowed the fuse server to tinker with the caller's address space
> _as if_ the ioctl was well formed.
Right, allow_other.
> So we should always make sure that the server has enough privilege to
> read/write the caller's memory, i.e. it can ptrace the caller.
>
> At this point we could allow any ioctls, not just well formed ones.
> But I don't want that for a different reason: if the possibility is
> there people will find new "innovative" uses for it and just get
> themselves into a big mess.
I don't really mind people doing strange things in userland as long as
it's safe but you're the maintainer. It's a bit strange to export the
feature only for CUSE, so I'm a little bit hesitant. I wanna make it
useful for both. So, at the kernel level, only well formed for FUSE and
everything goes for CUSE. Does that sound good enough?
--
tejun
next prev parent reply other threads:[~2008-11-13 11:30 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-28 17:40 [PATCHSET] FUSE: extend FUSE to support more operations Tejun Heo
2008-08-28 17:40 ` [PATCH 1/7] FUSE: add include protectors Tejun Heo
2008-08-28 17:40 ` [PATCH 2/7] FUSE: pass nonblock flag to client Tejun Heo
2008-08-28 17:40 ` [PATCH 3/7] FUSE: implement nonseekable open Tejun Heo
2008-08-28 17:41 ` [PATCH 4/7] FUSE: implement direct lseek support Tejun Heo
2008-08-28 17:41 ` [PATCH 5/7] FUSE: implement ioctl support Tejun Heo
2008-08-28 17:51 ` Greg KH
2008-08-28 17:59 ` Tejun Heo
2008-08-28 18:01 ` Tejun Heo
2008-08-28 18:13 ` Miklos Szeredi
2008-08-28 18:17 ` Tejun Heo
2008-08-28 18:23 ` Miklos Szeredi
2008-08-28 18:34 ` Tejun Heo
2008-08-28 19:25 ` Miklos Szeredi
2008-08-28 19:42 ` Tejun Heo
2008-08-28 20:02 ` Miklos Szeredi
2008-08-29 2:19 ` Tejun Heo
2008-08-29 7:59 ` Miklos Szeredi
2008-08-29 8:12 ` Tejun Heo
2008-08-29 8:29 ` Miklos Szeredi
2008-08-29 9:03 ` Tejun Heo
2008-08-29 19:17 ` Eric W. Biederman
2008-08-29 19:47 ` Arnd Bergmann
2008-08-30 11:40 ` Tejun Heo
2008-09-01 11:57 ` Miklos Szeredi
2008-09-01 12:03 ` Tejun Heo
2008-09-03 14:32 ` Eric W. Biederman
2008-09-03 14:40 ` Tejun Heo
2008-09-03 21:51 ` Eric W. Biederman
2008-09-04 0:09 ` Tejun Heo
2008-08-29 11:31 ` [fuse-devel] " Roger Willcocks
2008-08-29 11:54 ` Tejun Heo
2008-08-28 20:48 ` Alan Cox
2008-08-28 18:02 ` Tejun Heo
2008-08-28 18:14 ` Greg KH
2008-08-28 18:25 ` Tejun Heo
2008-08-28 18:20 ` H. Peter Anvin
2008-08-28 18:28 ` Tejun Heo
2008-08-28 19:08 ` H. Peter Anvin
2008-08-28 19:18 ` Miklos Szeredi
2008-08-28 20:21 ` H. Peter Anvin
2008-08-28 20:55 ` Miklos Szeredi
2008-08-28 21:27 ` H. Peter Anvin
2008-08-29 7:32 ` Miklos Szeredi
2008-08-28 17:41 ` [PATCH 6/7] FUSE: implement unsolicited notification Tejun Heo
2008-08-28 17:41 ` [PATCH 7/7] FUSE: implement poll support Tejun Heo
2008-08-28 18:20 ` [PATCHSET] FUSE: extend FUSE to support more operations Miklos Szeredi
2008-08-28 18:23 ` Tejun Heo
2008-10-14 8:21 ` Tejun Heo
2008-10-14 9:37 ` Miklos Szeredi
2008-10-14 12:16 ` [fuse-devel] " Szabolcs Szakacsits
2008-10-14 12:43 ` Miklos Szeredi
[not found] ` <2cff7cb50810141032m5793a405h7425dfa122fb67ba@mail.gmail.com>
2008-10-14 21:04 ` Miklos Szeredi
2008-11-12 8:41 ` Tejun Heo
2008-11-12 9:14 ` Christoph Hellwig
2008-11-12 9:30 ` Tejun Heo
2008-11-12 9:36 ` Miklos Szeredi
2008-11-12 9:43 ` [fuse-devel] " Mike Hommey
2008-11-12 10:00 ` Miklos Szeredi
2008-11-13 5:54 ` Tejun Heo
2008-11-13 6:06 ` Tejun Heo
2008-11-13 11:19 ` Miklos Szeredi
2008-11-13 11:29 ` Tejun Heo [this message]
2008-11-13 11:57 ` Miklos Szeredi
2008-11-13 12:14 ` Tejun Heo
2008-11-13 6:26 ` Tejun Heo
2008-11-13 11:47 ` Miklos Szeredi
2008-11-13 11:54 ` Tejun Heo
2008-11-13 11:58 ` Miklos Szeredi
2008-11-13 12:34 ` Miklos Szeredi
2008-11-13 13:23 ` Tejun Heo
2008-11-13 13:42 ` Miklos Szeredi
2008-11-13 14:29 ` Tejun Heo
2008-11-13 14:48 ` Miklos Szeredi
2008-11-13 15:10 ` Tejun Heo
2008-11-13 15:52 ` Miklos Szeredi
2008-11-13 16:00 ` Tejun Heo
2008-11-17 9:17 ` Tejun Heo
2008-11-17 10:16 ` [fuse-devel] " Miklos Szeredi
2008-11-18 3:32 ` Tejun Heo
2008-11-18 9:33 ` Miklos Szeredi
2008-11-18 10:30 ` Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=491C0FA0.5070500@kernel.org \
--to=tj@kernel.org \
--cc=fuse-devel@lists.sourceforge.net \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.