Nikolaus wrote: > > https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/225361/comments/11 > > I understand this configuration of FUSE has been chosen because of > > security concerns, as opposed to using its allow_users or allow_root > > options. > > This is not a valid concern. In Ubuntu, allow_root is by default > enabled in /etc/fuse.conf.
In my untouched 8.04 /etc/fuse.conf, both mount_max and user_allow_other are commented out, meaning the file has no active options. > So even if gvfs does not use --allow-root, a malicious user can simply > mount a filesystem of his choice manually and with --allow-root. It's my understanding that Ubuntu have set up automounting of user filesystems (non-FUSE ones) so a malicious user can have root mount their concocted filesystem anyway, so I'm not sure what the current troublesome, non-Unix, FUSE configuration is protecting us from? -- ~/.gvfs causes various errors https://bugs.launchpad.net/bugs/225361 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is the registrant for gvfs. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
