From owner-freebsd-bugs@freebsd.org  Fri Apr  5 17:21:50 2019
Return-Path: <owner-freebsd-bugs@freebsd.org>
Delivered-To: freebsd-bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9BE51552B0D
 for <freebsd-bugs@mailman.ysv.freebsd.org>;
 Fri,  5 Apr 2019 17:21:50 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 63D296C538
 for <freebsd-bugs@freebsd.org>; Fri,  5 Apr 2019 17:21:50 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 243E51552B0C; Fri,  5 Apr 2019 17:21:50 +0000 (UTC)
Delivered-To: bugs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 119CB1552B0B
 for <bugs@mailman.ysv.freebsd.org>; Fri,  5 Apr 2019 17:21:50 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.ysv.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9F7976C534
 for <bugs@FreeBSD.org>; Fri,  5 Apr 2019 17:21:49 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org (kenobi.freebsd.org
 [IPv6:2001:1900:2254:206a::16:76])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id CC9F4CF58
 for <bugs@FreeBSD.org>; Fri,  5 Apr 2019 17:21:48 +0000 (UTC)
 (envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.118])
 by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id x35HLmjD004317
 for <bugs@FreeBSD.org>; Fri, 5 Apr 2019 17:21:48 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
Received: (from bugzilla@localhost)
 by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id x35HLmbU004316
 for bugs@FreeBSD.org; Fri, 5 Apr 2019 17:21:48 GMT
 (envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: bugzilla set sender to
 bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 237052] [FUSEFS] fusefs allows non-owner access beneath
 mountpoint even without -o allow_other
Date: Fri, 05 Apr 2019 17:21:48 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: commit-hook@freebsd.org
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: bugs@FreeBSD.org
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-237052-227-nFXbw9siLQ@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-237052-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-237052-227@https.bugs.freebsd.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs/>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
 <mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Apr 2019 17:21:51 -0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D237052

--- Comment #1 from commit-hook@freebsd.org ---
A commit references this bug:

Author: asomers
Date: Fri Apr  5 17:21:24 UTC 2019
New revision: 345958
URL: https://svnweb.freebsd.org/changeset/base/345958

Log:
  fusefs: enforce -onoallow_other even beneath the mountpoint

  When -o allow_other is not in use, fusefs is supposed to prevent access to
  the filesystem by any user other than the one who owns the daemon.  Our
  fusefs implementation was only enforcing that restriction at the mountpoi=
nt
  itself.  That was usually good enough because lookup usually descends from
  the mountpoint.  However, there are cases when it doesn't, such as when
  using openat relative to a file beneath the mountpoint.

  PR:           237052
  Sponsored by: The FreeBSD Foundation

Changes:
  projects/fuse2/sys/fs/fuse/fuse_internal.c
  projects/fuse2/tests/sys/fs/fusefs/allow_other.cc

--=20
You are receiving this mail because:
You are the assignee for the bug.=