[Bug 173345] Review Request: fuse

bugzilla at redhat.com bugzilla at redhat.com
Thu Nov 17 09:41:19 UTC 2005 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: fuse


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173345





------- Additional Comments From triad at df.lth.se  2005-11-17 04:41 EST -------
The discussion here already start to resemble what we already had on the
Fedora Extras list. The points raised was these:

1. Some people expressed disbelief in the FUSE security system, and
   wanted to restrict its use to things listed in /etc/fstab. A 
   special concern raised was that sshfs would be able to mount most
   anything.

2. Protest from me (perhaps some others too) that this was not good,
   and actually, just mounting things listed in /etc/fstab is not
   what FUSE is intended for. (See package description above!)

IMHO the most reasonable thing is to package FUSE suid root as the 
developers intended it, and the developers claim this is secure.
If sysadmins don't like the goals of the FUSE project or do not
believe it is secure though it's claimed to be, they should not 
install the FUSE packages at all.

With respect to the worry of sshfs mounting just anything, the
way suid-mounting something using sshfs+FUSE would be different 
from using GNOME VFS on top of common ssh evades me totally. 
Just that the kernel is involved and something is run suid root 
doesn't change the basic concept, its just a matter of whether
kernel VFS or GNOME VFS is involved in the operation, the result
is the same: user mounts whatever user wants and that's cool.

FUSE provides infrastructure for a lot of nice userland things
and sshfs will presumably not be the most interesting thing
that can be done with it, so I discourage this narrow focus on
one single application. I have been waiting for FUSE so that
I can then package EncFS, a use case that would be destroyed or
hampered beyond repair by crippling fusermount like this.

Sorry if stressing my opinion this hard hurts anyones feelings.
I'm no sysadmin so please enlighten us to where exactly the
problems with FUSE+sshfs are, I don't get it, could be out of
my ignorace or misinformedness.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

More information about the fedora-extras-list mailing list