Bug#724690: sshfs: user's mountpoint is not accessible by root
On Thu 26/Sep/2013 19:04:19 +0200 Bastien ROUCARIES wrote: Not a bug a security feature SEE fuse man page. I understand those security concerns. What I'm asking is that just the mountpoint be accessible to root, not the remote files. That would be enough for root to learn that the directory contents reside on a different device. I see no other way to avoid breaking scripts such as check-setuid (package checksecurity). -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#724690: sshfs: user's mountpoint is not accessible by root
On Fri, Sep 27, 2013 at 10:56 AM, Alessandro Vesely ves...@tana.it wrote: On Thu 26/Sep/2013 19:04:19 +0200 Bastien ROUCARIES wrote: Not a bug a security feature SEE fuse man page. I understand those security concerns. What I'm asking is that just the mountpoint be accessible to root, not the remote files. That would be enough for root to learn that the directory contents reside on a different device. I see no other way to avoid breaking scripts such as check-setuid (package checksecurity). Distro people should start thinking about doing per-user namespaces. It would clean up the fuse mount vs. root access mess. Not sure who would be responsible for such decisions. Perhaps as a first step, PAM maintainer could be asked? Thanks, Miklos -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#724690: sshfs: user's mountpoint is not accessible by root
Package: sshfs Version: 2.4-1 Severity: normal Superuser has access to anything on a given machine, usually. However, after a user mounts sshfs, the mount point becomes unreadable by other shells: stat says Permission denied even to root. The ability to stat mountpoints would allow commands like `find / -xdev ...` to complete without errors when issued by root. -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.41ale20 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages sshfs depends on: ii fuse2.9.0-2+deb7u1 ii libc6 2.13-38 ii libfuse22.9.0-2+deb7u1 ii libglib2.0-02.33.12+really2.32.4-5 ii openssh-client 1:6.0p1-4 sshfs recommends no packages. sshfs suggests no packages. -- debconf-show failed -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org