Head Up: Prepare for dropping fuse group in the nearest future

Steve Grubb sgrubb at redhat.com
Fri Feb 8 13:32:59 UTC 2008


On Friday 08 February 2008 07:26:53 Alexander Larsson wrote:
> On Thu, 2008-02-07 at 10:29 -0500, Steve Grubb wrote:
> > > Now, Gnome (and many other things) start using fuse because it lets you
> > > implement very desirable features.
> >
> > What are these desirable features? Just curious since I may wind up doing
> > a lot of code review.
>
> There are many cases where you as a user want to access and/or modify
> something that contains files.

Which brings up something: I spent the last 3 years getting the audit system
working everywhere. Does filesystem auditing still work under fuse? When a
user mounts a filesystem, is that auditable? Does fuse support extended
attributes, and is SE Linux enforcement still working correctly?


> However most apps don't use these interfaces so they can't access files
> like this. The standard way to access files is through the syscall
> interface, and then things must be mounted, meaning the implementation
> generally lives in the kernel with all the issues related to that.

And the protection to the system enforced by the kernel. :)


> Some things like loopback mounting an iso is possible, but requires root
> access, even if the file is readable by the user. Other things are just
> not possible.

Which is sensible. Remember my fsfuzzer tool? It's found some flaws in
filesystems that could be exploitable with some work. I have not yet had the
time to fuzz fuse since it's never really been seriously considered for any of
our work.


> However, with fuse these things can be solved. The filesystem
> implementation runs as the user, and user syscalls are proxied to the
> filesystem process via a pipe.

You cannot do auditing from userspace very well. It requires CAP_AUDIT_WRITE 
and maybe some other permissions.


> This means that anything "filesystem like" that can be accessed from
> userspace can be accessed by all applications. So, for instance, you can get
> things like remote filesystem access via ssh, easily mountable network
> filesystems (smb, ftp, nfs) and user-mountable loopback mounts.

But we already have things like that with auditing and security checks in 
place. :)  

-Steve
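
As an added example (not part of the original message, and not code from fuse or the audit system): one way an administrator could inventory the user-space mounts discussed above is to parse a mount table in /proc/self/mounts format and report each FUSE mount with the uid that owns it. The sample table and the function names are constructed for illustration.

```python
import re

# Constructed sample in /proc/self/mounts format (not taken from the post).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
sshfs#alice@host:/srv /home/alice/remote fuse.sshfs rw,nosuid,nodev,user_id=1000,group_id=1000 0 0
/dev/loop0 /home/bob/my\\040iso fuseblk ro,nosuid,nodev,user_id=1001,group_id=1001,allow_other 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def is_fuse(fstype):
    # "fuse", "fuseblk" and "fuse.<subtype>" are user-space filesystems;
    # "fusectl" is the kernel's control filesystem, not a user mount.
    return fstype in ("fuse", "fuseblk") or fstype.startswith("fuse.")

def fuse_mounts(text):
    """Return one dict per FUSE mount found in mount-table text."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not is_fuse(parts[2]):
            continue
        opts = parts[3].split(",")
        kv = dict(o.split("=", 1) for o in opts if "=" in o)
        found.append({
            "source": _unescape(parts[0]),
            "mountpoint": _unescape(parts[1]),
            "fstype": parts[2],
            # uid of the user whose process serves this filesystem
            "uid": int(kv["user_id"]) if "user_id" in kv else None,
            # allow_other lets users other than the mounter reach the mount
            "allow_other": "allow_other" in opts,
            "nosuid": "nosuid" in opts,
        })
    return found

if __name__ == "__main__":
    try:
        with open("/proc/self/mounts") as fh:
            table = fh.read()
    except OSError:
        table = SAMPLE_MOUNTS  # fall back to the constructed sample
    for m in fuse_mounts(table):
        print(m)
```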



