Date: Thu, 21 Mar 2019 11:59:22 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Alan Somers <asomers@freebsd.org> Cc: FreeBSD CURRENT <freebsd-current@freebsd.org>, freebsd-fs <freebsd-fs@freebsd.org> Subject: Re: HEAD'S UP: fusefs sysctls going away Message-ID: <20190321155922.rdsnvyztssgmms2x@mutt-hbsd> In-Reply-To: <CAOtMX2gqmVAZumDsB9_6YaOeZsFF5m3NN4aibL=8CYNWDGo3OA@mail.gmail.com> References: <CAOtMX2i9qwhNTdCgNxxUOmf=FZAOmD7w=T8vmvyF-9-P0iw-CQ@mail.gmail.com> <20190321154817.2lgwjzl4o2urlmdw@mutt-hbsd> <CAOtMX2gqmVAZumDsB9_6YaOeZsFF5m3NN4aibL=8CYNWDGo3OA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--hufympp2ubog24yz Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 21, 2019 at 09:55:15AM -0600, Alan Somers wrote: > On Thu, Mar 21, 2019 at 9:49 AM Shawn Webb <shawn.webb@hardenedbsd.org> w= rote: > > > > Hey Alan, > > > > Thank you very much for your work in maintaining fusefs. I only use > > fusefs in very limited circumstances, so take what I'm about to say > > with a grain of salt. > > > > On Thu, Mar 21, 2019 at 09:43:07AM -0600, Alan Somers wrote: > > > fusefs has several sysctl knobs that seem to be workarounds for bugs > > > in particular fuse daemons. However, there is no indication as to > > > which those daemons are, neither in the code nor in SVN. All of the > > > workarounds are at least 6.5 years old, so the original bugs may have > > > been fixed already. Since the original bugs aren't documented, I > > > consider these workarounds to be unmaintainable, and I'm planning to > > > delete them unless anybody objects. Please pipe up if you still use > > > them! > > > > > > vfs.fusefs.mmap_enable: If non-zero, and data_cache_mode is also > > > non-zero, enable mmap(2) of FUSE files > > > > I'm curious if the security impacts of removing the toggle to disable > > mmap support for fusefs. Is there a per-fusefs replacement for > > mmap_enable? From a security perspective, it would be nice to keep the > > ability to disable mapping of files mounted on a fusefs. >=20 > As a matter of fact, there are three other ways to disable mmap: > 1) Set vfs.fusefs.data_cache_mode=3D0. This completely disables caching > file data, which precludes mmap. > 2) Use the undocumented -o no_datacache mount option, which does the > same thing on a per-mount basis. > 3) Use the undocumented -o no_mmap mount option, which disables mmap > on a per-mount basis. Awesome! I wasn't aware of these. Thanks! >=20 > Are you aware of any general security problems with using mmap? > Anything that would apply to fusefs but not other filesystems? Primarily because I trust the filesystems natively implemented in my OS more than I trust some (potentially random) fusefs module. For example, if I'm in a shared hosting environment, implemented with jails, and I let the customer mount a fusefs module in the jail (which is now possible, if I remember right), then I must trust that the module's mmap integration is properly implemented. I'm not sure I personally am okay with that level of trust. However, the point is moot now that you documented the three ways to disable mmap (two of which work on a per-mount basis). Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: lattera@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --hufympp2ubog24yz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlyTtNUACgkQaoRlj1JF bu7pBxAAu9dQmpqs6FBiTaEZYr7+EUw0dBynp7/0Y3ER/2I5vsB4I+cxZ9QgDnGe O2MaT7hwx3tjj/70r6igr6zcjB0EgNY4C8P4T/7vtE9kAIg0uJoamjwYoD1+cceh U1yIa1AKO4mIYHUbYRfUlXVj5FZla5rYvKYNW1xRht/2Kl5nEIdX0kx2OJJ0e+6R XEhu9TXEvz4VJpRG3B5H1r1j92IrfKRm5Fbs3FpGdWqFgCZEqllnP9KpydIqaNQd MklkuhukkqFVr+ydPKIo38gVRBgDglf8VFheJK2b141LsvGk03tLxo8aK2Urtnm1 22omMRSyClogDGXcnqCwJQmu5LpKbWoB8jrkqiaiiOq3yWGJ86GIwECGgWr8TXUi iAinXiEQZOQYha20r+nVQJBnTtSydpa66EgX06+2gb0TojaHUa4elPpUgG+8W7Tk +V6ZZiUKj7xwaLtunqFgWZbgYU5FNCjqL080agYaN3nimg73ABdfNxcEitl1f46Q ABeXc8KzAj9G8Xt3D4LWJdkXEcmEqdwMY3MmirrUnm/GaHWeUyhnXaLnumIHsAqz UwW0YU3Tky1+gWdT7776igWUrAGg/JHmpqZAdTroTEG0o13ZkNoSCmSWBvk14aSd TO74uh4mgAbDb48CQmRUT6nm2B4Rucf2iWIE1zeV/B0Akjm9FBA= =LcA3 -----END PGP SIGNATURE----- --hufympp2ubog24yz--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190321155922.rdsnvyztssgmms2x>