Date: Sat, 3 Aug 2024 16:00:39 +0000 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Alan Somers <asomers@freebsd.org> Cc: Jamie Landeg-Jones <jamie@catflap.org>, freebsd-hackers@freebsd.org Subject: Re: RFC: ACLs on fusefs Message-ID: <drs3qfdinxk4siilsayycgp6imlzkmtxihhvtyhw3bssyszjgh@v7v4cav4ibcx> In-Reply-To: <CAOtMX2gHnNna_o6ig23PEPabWnQzPvQe-N8N%2BV8CAdsY-AzCBQ@mail.gmail.com> References: <CAOtMX2jska_8yG0tf31nEFDQCkQODim8yLBt2qRQ4LbBVc8ZAQ@mail.gmail.com> <202408030413.4734D5gd042998@donotpassgo.dyslexicfish.net> <CAOtMX2gHnNna_o6ig23PEPabWnQzPvQe-N8N%2BV8CAdsY-AzCBQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ren7enky4jnymnu3 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Aug 03, 2024 at 09:03:38AM -0600, Alan Somers wrote: > On Fri, Aug 2, 2024 at 10:13=E2=80=AFPM Jamie Landeg-Jones <jamie@catflap= =2Eorg> wrote: > > > > Alan Somers <asomers@FreeBSD.org> wrote: > > > > > TLDR; > > > how useful would it be if fusefs(4) could support ACLs? > > > > I, personally, don't use ACLs generally, so have not missed them on > > fusefs. > > > > However, I do make extensive use of XATTRs, so those are what I've > > really missed. > > > > I didn't know xatrs were now supported - is that a new thing, or maybe > > the client I use (borgs sshfs implementation) needs to be updated? > > > > Cheers, Jamie >=20 > Our fusefs has supported xattrs for a long time. But the specific > fuse file system needs support too. Looking right now, I don't see > any support in sysutils/fusefs-sshfs . In fact, I have a (significantly buggy) proof-of-concept fusefs server that stores file payload data as extended attributes. Since the tar file format supports extended attributes, this makes data exfiltration somewhat easier. Though, I suppose, since my proof-of-concept is buggy, using my solution would make data exfil somewhat more difficult. ;-) Hopefully someday, I'll have the time to finish the PoC and make it usable for production. PoC code: https://git.hardenedbsd.org/shawn.webb/altfs Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --ren7enky4jnymnu3 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmauVCAACgkQ/y5nonf4 4fp8wxAAhIuxX9brcIWuwdSfg+tQZuViyrtWH3k6l32LWohknJLnPPMWO/vCNePu UO7G8WeWA3iJQwAxnXt3eOf9EpOEaTSUfTACr78NSK9XTzIvT4DSzNetT9VQ1TKx x7xOENH6jxXNR/x8/K8F2l+8DOmevl7FcP7A4TLDoiLYnibZw5xP+XVnEwEnFFXv gcpBNzNbBfkH1lNTRUiYRkx6gnUTsyAy4xj9auznQdFGsI+951j8lNTK2tu/Fmba 6hUcdUNrOZcejVIkT3Eu29tf0qE6mcODM17zeZ/ShY+ZNnH51aetGWFtur0PgSrI t/a69UJ6XzFjmjaAw2+NmgZuveIXNGdaDXIcDskGCpm87aZMLScXoym4kEgFjYnw VLx04BVG5q3Yjd/f70dhKO/coRYGudndkuDkYNE54ZelQBZALGuUTEq3VAevJN9g i+XX1hjYjEJxsFVKUdkzUaTdy5s+Wr8ODrbrAn15nClGp1UswoU+F1WDe59EJtgE DO4HfOkgt0JFPG29iPgvOapcTw0dOX4zBN1K/nAFT5ejg6M25XXHruGiqC1G1Fdx XjoY+GItzENkNXwXgDxmpHhKrBLb+KkIyGbnQFo4yK/1sJclambmiFlMAl0TG1p/ ZqEY5j7GsMkrrPA5BO+cKLIe+9eLQ8V3ss5c4+1LdjGcEUbm0E8= =HfKq -----END PGP SIGNATURE----- --ren7enky4jnymnu3--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?drs3qfdinxk4siilsayycgp6imlzkmtxihhvtyhw3bssyszjgh>