Ralph Corderoy <email address hidden> writes:
> Nikolaus Rath and S B, take a look at my earlier comment
> https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/225361/comments/11 I
> understand this configuration of FUSE has been chosen because of
> security concerns, as opposed to using its allow_users or allow_root
> options.
This is not a valid concern. In Ubuntu, allow_root is by default
enabled in /etc/fuse.conf. So even if gvfs does not use --allow-root,
a malicious user can simply mount a filesystem of his choice manually
and with --allow-root.
If --allow-root poses a security risk, it has to be disabled in
/etc/fuse.conf and not in individual applications that happen to call
fuse.
Best,
-Nikolaus
--
»It is not worth an intelligent man's time to be in the majority.
By definition, there are already enough people to do that.« -J.H. Hardy
Ralph Corderoy <email address hidden> writes: /bugs.launchpad .net/ubuntu/ +source/ gvfs/+bug/ 225361/ comments/ 11 I
> Nikolaus Rath and S B, take a look at my earlier comment
> https:/
> understand this configuration of FUSE has been chosen because of
> security concerns, as opposed to using its allow_users or allow_root
> options.
This is not a valid concern. In Ubuntu, allow_root is by default
enabled in /etc/fuse.conf. So even if gvfs does not use --allow-root,
a malicious user can simply mount a filesystem of his choice manually
and with --allow-root.
If --allow-root poses a security risk, it has to be disabled in
/etc/fuse.conf and not in individual applications that happen to call
fuse.
Best,
-Nikolaus
--
-J.H. Hardy
»It is not worth an intelligent man's time to be in the majority.
By definition, there are already enough people to do that.«
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C