Ralph Corderoy <[EMAIL PROTECTED]> writes:
> Nikolaus wrote:
>> > https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/225361/comments/11
>> > I understand this configuration of FUSE has been chosen because of
>> > security concerns, as opposed to using its allow_users or allow_root
>> > options.
>>
>> This is not a valid concern. In Ubuntu, allow_root is by default
>> enabled in /etc/fuse.conf.
>
> In my untouched 8.04 /etc/fuse.conf, both mount_max and
> user_allow_other are commented out, meaning the file has no active
> options.
Hmm. I'm running 8.04 as well, and here it is enabled. I don't
remember changing it either. However, this is not a fresh install but
has been upgraded several times, so maybe the setting survived from an
older release.
>> So even if gvfs does not use --allow-root, a malicious user can simply
>> mount a filesystem of his choice manually and with --allow-root.
>
> It's my understanding that Ubuntu have set up automounting of user
> filesystems (non-FUSE ones) so a malicious user can have root mount
> their concocted filesystem anyway, so I'm not sure what the current
> troublesome, non-Unix, FUSE configuration is protecting us from?
Yes, I don't see any point in that either.
Best,
-Nikolaus
--
»It is not worth an intelligent man's time to be in the majority.
By definition, there are already enough people to do that.«
-J.H. Hardy
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C
--
~/.gvfs causes various errors
https://bugs.launchpad.net/bugs/225361
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is the registrant for gvfs.
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
