From: "U.Mutlu" <for-gmane@mutluit.com>
To: linux-ext4@vger.kernel.org
Subject: Re: generic question: user-only directory w/o root access
Date: Sat, 6 Jun 2015 19:46:14 +0200 [thread overview]
Message-ID: <mkvbl6$bdr$1@ger.gmane.org> (raw)
In-Reply-To: <20150606154209.GA15306@thunk.org>
Theodore Ts'o wrote on 06/06/2015 05:42 PM:
> On Sat, Jun 06, 2015 at 09:19:40AM +0200, U.Mutlu wrote:
>> I posted hello.c (a FUSE demo) in this thread. It is IMO even more secure
>> than the private namespace mount method. The simple reason is:
>> because granting access to the volume (or to a single dir/file)
>> is done inside that user-code itself, ie. the user/owner controls
>> whom he actually gives access.
>> I'm sorry to say this, but this simply proves your last statement above wrong.
>
> So the root user ptraces the FUSE daemon, and it's all she wrote.
Protection against tracing and debugging:
inside the user-application ie. here the FUSE-client,
and also inside the FUSE daemon:
ptrace(PT_DENY_ATTACH, 0, 0, 0);
Of course one would need to recompile the FUSE daemon.
The company can enforce such a security policy.
And while we are at it, I would add a new option to the FUSE daemon,
so that the client-app can query it before issuing the mount call,
whether it has that protection built in or not, and proceed accordingly...
IMO a solvable problem.
next prev parent reply other threads:[~2015-06-06 17:46 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-31 16:07 generic question: user-only directory w/o root access U.Mutlu
2015-05-31 18:59 ` Theodore Ts'o
2015-05-31 22:45 ` U.Mutlu
2015-05-31 23:14 ` U.Mutlu
2015-06-01 1:39 ` Linux unshare -m for per-process private filesystem mount points U.Mutlu
2015-06-04 1:44 ` generic question: user-only directory w/o root access Theodore Ts'o
2015-06-04 11:29 ` Lukáš Czerner
2015-06-04 13:24 ` U.Mutlu
2015-06-05 14:14 ` Theodore Ts'o
2015-06-05 19:24 ` U.Mutlu
2015-06-06 0:33 ` Theodore Ts'o
2015-06-06 7:19 ` U.Mutlu
2015-06-06 15:42 ` Theodore Ts'o
2015-06-06 17:46 ` U.Mutlu [this message]
2015-06-06 19:48 ` Theodore Ts'o
2015-06-08 0:12 ` U.Mutlu
2015-06-08 3:18 ` Theodore Ts'o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='mkvbl6$bdr$1@ger.gmane.org' \
--to=for-gmane@mutluit.com \
--cc=linux-ext4@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.