On Tue, Oct 21, 2014 at 2:34 PM, Michael j Theall <[email protected]> wrote: > Andy Lutomirski <[email protected]> wrote on 10/21/2014 04:27:13 PM: >> But how does this help with FUSE at all? Does FUSE end up calling >> xattr_permission? >> >> --Andy >> > > The xattr system calls go through xattr_permission before it ever gets to > the FUSE ops.
But a malicious FUSE filesystem can just put those xattrs there by fiat, the same way that my old FUSE-based sploit put a setuid root copy of bash in the filesystem. No setxattr calls are needed. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
