Comment 44 for bug 225361

Ralph Corderoy (ralph-inputplus) wrote : Re: [Bug 225361] Re: ~/.gvfs causes various errors

Nikolaus wrote:
> > https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/225361/comments/11
> > I understand this configuration of FUSE has been chosen because of
> > security concerns, as opposed to using its allow_users or allow_root
> > options.
>
> This is not a valid concern. In Ubuntu, allow_root is by default
> enabled in /etc/fuse.conf.

In my untouched 8.04 /etc/fuse.conf, both mount_max and user_allow_other
are commented out, meaning the file has no active options.

> So even if gvfs does not use --allow-root, a malicious user can simply
> mount a filesystem of his choice manually and with --allow-root.

It's my understanding that Ubuntu have set up automounting of user
filesystems (non-FUSE ones) so a malicious user can have root mount
their concocted filesystem anyway, so I'm not sure what the current
troublesome, non-Unix, FUSE configuration is protecting us from?
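
Added example, not part of either poster's message: a Python check that lists the options actually active in an `/etc/fuse.conf` and reports whether a non-root user may then request `allow_other` or `allow_root`, which the `user_allow_other` setting gates. The sample file contents and function names are constructed for illustration, and the parsing rules (`#` starts a comment, options are `key = value` or a bare keyword) are assumed.

```python
import sys

# Constructed sample matching the description above: both options present
# but commented out. Not a copy of any shipped file.
SAMPLE_UNTOUCHED = """\
# Set the maximum number of FUSE mounts allowed to non-root users.
#mount_max = 1000

# Allow non-root users to specify the 'allow_other' or 'allow_root'
# mount options.
#user_allow_other
"""
# Same file with the one line uncommented (constructed).
SAMPLE_ENABLED = SAMPLE_UNTOUCHED.replace("#user_allow_other", "user_allow_other")

GATED = {"allow_other", "allow_root"}  # mount options gated by user_allow_other


def active_options(text):
    """Return {option: value or True} for every uncommented line."""
    options = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        key, sep, value = line.partition("=")
        options[key.strip()] = value.strip() if sep else True
    return options


def nonroot_may_request(options, mount_option):
    """True if a non-root user may pass mount_option under these settings."""
    if mount_option not in GATED:
        return True
    return options.get("user_allow_other") is True


if __name__ == "__main__":
    if len(sys.argv) > 1:          # audit a real file: script.py /etc/fuse.conf
        with open(sys.argv[1]) as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"untouched": SAMPLE_UNTOUCHED, "enabled": SAMPLE_ENABLED}
    for name, text in samples.items():
        opts = active_options(text)
        print(name, "active options:", opts or "none")
        for opt in sorted(GATED):
            print("  non-root", opt, "permitted:", nonroot_may_request(opts, opt))
```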