lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 13 Nov 2008 15:06:27 +0900
From:	Tejun Heo <tj@...nel.org>
To:	Miklos Szeredi <miklos@...redi.hu>
CC:	fuse-devel@...ts.sourceforge.net, greg@...ah.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCHSET] FUSE: extend FUSE to support more operations

Tejun Heo wrote:
>> I still got qualms about this ioctl thing.  One is the security
>> aspect, but that could be dealt with.  The other is that I really
>> really don't want people to start implementing new custom ioctls for
>> their filesystems, as I think that way lies madness.  We could limit
>> ioctls to CUSE and that would be fine with me.  Or for non-CUSE users
>> we could enforce the "standard" format where the type and length is
>> encoded in the command number.
> 
> For now, I'll limit ioctl to CUSE.  Hmmm... Yeah, limiting ioctl to
> well-formatted ones sounds like a good idea.
> 
>> I don't have any problems with the iterative way you implemented
>> ioctls.  We just need some additional restrictions to the current
>> implementation, I think.

I've been thinking about this a bit more.  What do you think about
putting the following restrictions?

1. FUSE server can only support well-formed ioctls.  At the kernel side,
the interfaces remains the same for both FUSE and CUSE but libfuse only
exports well-formed ioctl API.

2. ioctl can only be used by FUSE server running as root (would this be
necessary?  I'm not sure.  To me it seems all the necessary protections
are already there).

Thanks.

-- 
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ