Date: Fri, 05 Apr 2019 17:09:48 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 237052] [FUSEFS] fusefs allows non-owner access beneath mountpoint even without -o allow_other Message-ID: <bug-237052-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237052 Bug ID: 237052 Summary: [FUSEFS] fusefs allows non-owner access beneath mountpoint even without -o allow_other Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: asomers@FreeBSD.org By default fuse mountpoints are supposed to be accessible only to the same = user who is running the daemon. The "-o allow_other" mount option overrides that and allows any user to access the mountpoint. However, our fusefs implementation has a bug: it only checks allow_other for access to the mountpoint itself. That's usually sufficient because VOP_LOO= KUP always starts at the mountpoint. However, there are cases when it doesn't, such as when using openat relative to a file within the fuse filesystem. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-237052-227>