[DTrace-devel] [PATCH 2/3] daemon: -o allow_other is useless, don't pass it in
Kris Van Hees
kris.van.hees at oracle.com
Tue Nov 8 05:42:56 UTC 2022
On Mon, Nov 07, 2022 at 10:09:21PM +0000, Nick Alcock via DTrace-devel wrote:
> The -o allow_other option to FUSE informs the kernel's FUSE-mounting API
> that files on a given filesystem can be written to by users other than
> the one running the daemon that mounted it. Without this, not even root
> can access it.
>
> This serves to reduce the likelihood that users can attack each other
> via badly-secured FUSE filesystems.
>
> Back when I was struggling to get CUSE to work, I added this to the
> argv options string passed to cuse_lowlevel_setup(). I never checked
> after I got things working to see if it was actually needed, and it
> turns out that since CUSE never mounts anything (it only creates a
> device) and since CUSE bypasses the parts of FUSE that check whether
> users are allowed to write to devices (relying instead on good old
> permissions checking), the option is useless and ignored.
>
> This has actually got less strict over time: libfuse 2 actually rejects
> it and refuses to initialize. So drop it entirely.
>
> Signed-off-by: Nick Alcock <nick.alcock at oracle.com>
Reviewed-by: Kris Van Hees <kris.van.hees at oracle.com>
> ---
> dtprobed/dtprobed.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/dtprobed/dtprobed.c b/dtprobed/dtprobed.c
> index 3d1b97514442..b76bc213e650 100644
> --- a/dtprobed/dtprobed.c
> +++ b/dtprobed/dtprobed.c
> @@ -560,8 +560,8 @@ main(int argc, char *argv[])
> * These are "command-line" arguments to FUSE itself: our args are
> * different. The double-NULL allows us to add an arg.
> */
> - char *fuse_argv[] = { argv[0], "-f", "-s", "-o", "allow_other", NULL, NULL };
> - int fuse_argc = 5;
> + char *fuse_argv[] = { argv[0], "-f", "-s", NULL, NULL };
> + int fuse_argc = 3;
>
> while ((opt = getopt(argc, argv, "Fdn:t:")) != -1) {
> switch (opt) {
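Review bot: fuse_argc is still a hand-counted literal on the added lines, and it has to stay in step with the number of non-NULL entries in the fuse_argv initializer; this change had to touch both lines together, and nothing catches a mismatch if only one of them is edited later. Consider deriving it from the array, for example `int fuse_argc = sizeof(fuse_argv) / sizeof(fuse_argv[0]) - 2;`, with the 2 accounting for the spare slot and the terminator that the "double-NULL" comment above describes. It would also help to extend that comment with one line saying that -o allow_other is deliberately not passed, since CUSE only creates a device and relies on ordinary permission checks, so the option does not get reintroduced by someone copying from a FUSE filesystem example.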
> --
> 2.35.1
>