fuse (Was Re: early-gdm redux)
Thorsten Leemhuis
fedora at leemhuis.info
Wed Sep 19 07:38:34 UTC 2007
On 19.09.2007 09:09, Alexander Larsson wrote:
> On Tue, 2007-09-18 at 19:41 +0200, Thorsten Leemhuis wrote:
>> Thus I'm not even able to read from it:
>>
>> $ dd if=/dev/sda3 bs=512K count=1 | strings
>> dd: opening `/dev/sda3': Permission denied
>>
>> Life sucks, but that's how things are supposed to be in linux/unix land
>> as far as I know. But well, for fuse there seem to exist different rules:
>>
>> $ mkdir ntfs
>> $ /sbin/mount.ntfs-3g /dev/sda3 ntfs/
>> $ touch ntfs/foo
>> $ ls -l ntfs/foo
>> -rwxrwxrwx 1 thl thl 0 18. Sep 19:27 ntfs/foo
>>
>> Which brings me to my questions: Can somebody please explain why the
>> above it working? Does it mean that if I write my own malicious
>> fuse.ext3 userspace driver that I can mount each and every block-device
>> on my system and read or modify the files on it (all by using fuse)?
>> What if there is a small error in mount.ntfs-3g somewhere -- could it be
>> abused to destroy a partition on my system while being a ordinary user?
>
> Thats quite weird. [...]
Agreed. But I got the impression that how some users expect it to work.
> Is /sbin/mount.ntfs-3g setuid perhaps?
Yes:
$ ls -l /sbin/mount.ntfs-3g
-rwsr-xr-- 1 root fuse 40528 26. Aug 16:50 /sbin/mount.ntfs-3g
CU
knurd
More information about the Fedora-desktop-list
mailing list