[Bug 173345] Review Request: fuse
bugzilla at redhat.com
bugzilla at redhat.com
Thu Nov 17 15:44:50 UTC 2005
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Review Request: fuse
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173345
------- Additional Comments From miklos at szeredi.hu 2005-11-17 10:44 EST -------
(In reply to comment #4)
> Packaging /usr/bin/fusermount as 0755 and expecting the sysadmin to set it to
> 4755 in order to use it is not a good option, because upon package update it
> will change the permission back to the default.
An alternative is to restrict access to /dev/fuse and install
/usr/bin/fusermount with 4755.
> In the mean time if you have any further information
> about the security risks of this, including any proof of code audits or design
> details of the system please submit links here for our analysis.
No security audit has been done on any part of FUSE. Prior to inclusion into
Linux, the kernel part was reviewed by a couple of people, but without special
attention to security.
The above alternative would "only" require an audit of fusermount, but of course
a full audit (kernel module + fusermount) would be nice.
The long term goal is to make mount() syscall unprivileged (with policy
controllable via sysctl and ulimit), and so remove the requirement for a suid
mount helper. The earliest this could happen is 2.6.16.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the fedora-extras-list
mailing list