[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Head Up: Prepare for dropping fuse group in the nearest future



On Wed, 2008-02-06 at 12:51 +0100, Alexander Larsson wrote:
> On Tue, 2008-02-05 at 18:05 +0100, Thorsten Leemhuis wrote:
> > 
> > Well, when I got fuse integrated into Fedora several well-known and
> > long-term Red Hat/Fedora developers said "it needs a security audit
> > before we drop the fuse group". Not that long ago when we discussed

...

> Now, its true that there is a small bit of setuid code, and it *could*
> have a bug in there. However, if that is the case we need to fix that
> even if we limit use of fuse to the fuse group. Especially now that fuse
> is getting more and more use so that most desktop users will want to be
> in that group. If you truly fear fuse, security-wise, the best thing to
> do is to not install it.

I had an idea about this. Instead of having this false security measure
(the fuse group) maybe we can get some actual security by making a
selinux policy for /bin/fusermount. We can make sure that it only is
allowed to do the minimal set of operations required for normal use.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]