From: Andrew Morton
Subject: Re: [patch 8/8] allow unprivileged fuse mounts
Date: Sat, 21 Apr 2007 00:55:16 -0700
Message-ID: <20070421005516.18e0c797.akpm@linux-foundation.org>
References: <20070420102532.385211890@szeredi.hu> <20070420102656.364689151@szeredi.hu>
In-Reply-To: <20070420102656.364689151@szeredi.hu>
To: Miklos Szeredi
Cc: serue@us.ibm.com, viro@ftp.linux.org.uk, linuxram@us.ibm.com, ebiederm@xmission.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, containers@lists.osdl.org

On Fri, 20 Apr 2007 12:25:40 +0200 Miklos Szeredi wrote:

> Use FS_SAFE for "fuse" fs type, but not for "fuseblk".
>
> FUSE was designed from the beginning to be safe for unprivileged
> users. This has also been verified in practice over many years.

How does FUSE do this?

There are obvious cases like crafting a filesystem which has setuid
executables or world-writeable device nodes or whatever. I'm sure there
are lots of other cases.

Where is FUSE's implementation of all this protection described?