From mboxrd@z Thu Jan  1 00:00:00 1970
From: ebiederm@xmission.com (Eric W. Biederman)
Subject: Re: [PATCH] fuse: Only allow read/writing user xattrs
Date: Sat, 06 Oct 2012 16:42:05 -0700
Message-ID: <87zk3zgoc2.fsf@xmission.com>
References: <87boggpm7r.fsf@xmission.com>
	<CACLa4pue6Bb-37+u03C4=yva=SKDhxNyZyVgvv5dAmt-1ryzBQ@mail.gmail.com>
	<87a9vzlimm.fsf@xmission.com>
	<CACLa4pspCPnziaobcLN_QXRZ8quVPi4gTnyA0GO=uxmDWoA_kw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Cc: Miklos Szeredi <miklos@szeredi.hu>, linux-fsdevel@vger.kernel.org,
	linux-security-module@vger.kernel.org
To: Eric Paris <eparis@parisplace.org>
Return-path: <linux-security-module-owner@vger.kernel.org>
In-Reply-To: <CACLa4pspCPnziaobcLN_QXRZ8quVPi4gTnyA0GO=uxmDWoA_kw@mail.gmail.com>
	(Eric Paris's message of "Sat, 6 Oct 2012 11:57:35 -0400")
Sender: linux-security-module-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Eric Paris <eparis@parisplace.org> writes:

> Why trust uids or rwx bits.  Might as well do away with those as well,
> right?

Lying to your own userspace processes (which you can do with LD_PRELOAD)
is rather different than lying to the selinux or the smack modules.

What I am saying with my patch is that fuse is remarkably non-nuanced
in how it interacts with extended attributes, and that it appears
very clear that there are bugs in the area of unprivileged mounts that
need to be addressed.

I am happy to hear about better solutions.  Telling me it's not a bug
and sticking your head in the sand is quite amusing.

Eric