https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=237052
Bug ID: 237052
Summary: [FUSEFS] fusefs allows non-owner access beneath
mountpoint even without -o allow_other
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
By default fuse mountpoints are supposed to be accessible only to the same user
who is running the daemon. The "-o allow_other" mount option overrides that
and allows any user to access the mountpoint.
However, our fusefs implementation has a bug: it only checks allow_other for
access to the mountpoint itself. That's usually sufficient because VOP_LOOKUP
always starts at the mountpoint. However, there are cases when it doesn't,
such as when using openat relative to a file within the fuse filesystem.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
