[DTrace-devel] [PATCH 2/3] daemon: -o allow_other is useless, don't pass it in

Nick Alcock nick.alcock at oracle.com
Mon Nov 7 22:09:21 UTC 2022


The -o allow_other option to FUSE informs the kernel's FUSE-mounting API
that files on a given filesystem can be written to by users other than
the one running the daemon that mounted it.  Without this, not even root
can access it.

This serves to reduce the likelihood that users can attack each other
via badly-secured FUSE filesystems.

Back when I was struggling to get CUSE to work, I added this to the
argv options string passed to cuse_lowlevel_setup().  I never checked
after I got things working to see if it was actually needed, and it
turns out that since CUSE never mounts anything (it only creates a
device) and since CUSE bypasses the parts of FUSE that check whether
users are allowed to write to devices (relying instead on good old
permissions checking), the option is useless and ignored.

This has actually got less strict over time: libfuse 2 actually rejects
it and refuses to initialize.  So drop it entirely.

Signed-off-by: Nick Alcock <nick.alcock at oracle.com>
---
 dtprobed/dtprobed.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dtprobed/dtprobed.c b/dtprobed/dtprobed.c
index 3d1b97514442..b76bc213e650 100644
--- a/dtprobed/dtprobed.c
+++ b/dtprobed/dtprobed.c
@@ -560,8 +560,8 @@ main(int argc, char *argv[])
 	 * These are "command-line" arguments to FUSE itself: our args are
 	 * different.  The double-NULL allows us to add an arg.
 	 */
-	char *fuse_argv[] = { argv[0], "-f", "-s", "-o", "allow_other", NULL, NULL };
-	int fuse_argc = 5;
+	char *fuse_argv[] = { argv[0], "-f", "-s", NULL, NULL };
+	int fuse_argc = 3;
 
 	while ((opt = getopt(argc, argv, "Fdn:t:")) != -1) {
 		switch (opt) {
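Review bot: fuse_argc = 3 is a hand-maintained count that has to match the number of non-NULL entries in the fuse_argv initializer on the line above it, and this patch had to change both in lockstep. Deriving the count from the array, for example sizeof(fuse_argv) / sizeof(fuse_argv[0]) - 2 to leave out the spare slot and the terminator, would remove that coupling. The comment above the array could also say that allow_other is deliberately not passed, because CUSE ignores it and libfuse 2 refuses to initialize with it, and that access to the device is therefore governed only by its ordinary permissions, so a later reader does not add the option back.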
-- 
2.35.1



