Comment 47 for bug 225361

Phillip Susi (psusi) wrote : Re: [Bug 225361] Re: ~/.gvfs causes various errors

Ralph Corderoy wrote:
> It is a bug in that, under Unix, by design, that should *never* happen
> to a process running as root.

Maybe 20 years ago, but these days being root does NOT mean you can do
anything (take a look at SELinux). Heck, even 20 years ago root ran
into issues like this with NFS. .gvfs is working as designed.

> Sorry, that's not possible. As root, it's entirely valid, and not
> uncommon, for me to run `find / ...' which will descend and find .gvfs
> wherever to decide to move it to.

And you need to deal with access denied errors.

> Nikolaus Rath and S B, take a look at my earlier comment
> https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/225361/comments/11 I
> understand this configuration of FUSE has been chosen because of
> security concerns, as opposed to using its allow_users or allow_root
> options. However, I'm not sure those concerns remain valid given Ubuntu
> automatically mounts the filesystems on a USB flash drive I insert, and
> I doubt every piece of filesystem code in the kernel is robust against
> maliciously concocted corrupt filesystems.

AFAIK, the allow_root option does not work because .gvfs requires the
kernel keyring for authentication. Same goes for ecryptfs mounted
~/private. Root can't access it because the process doesn't have the
decryption key on its keyring.

At the end of the day programs simply have to deal with access denied
errors, even when run as root. This bug was marked as invalid both here
and upstream because this point will not change.
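
The following is an added example, not part of the comment above or of gvfs: a tree walk that records directories answering EACCES or EPERM and carries on, whatever UID it runs as. The function names and the temporary tree are constructed for illustration, and the denial a FUSE mount such as ~/.gvfs gives to other users is simulated by a wrapper around `os.scandir`.

```python
import errno
import os
import tempfile

DENIED = (errno.EACCES, errno.EPERM)

def walk_tolerant(root, scandir=os.scandir):
    """Walk root and return (files, skipped). Directories that refuse access
    are recorded and skipped instead of aborting, whatever the effective UID."""
    files, skipped, stack = [], [], [root]
    while stack:
        directory = stack.pop()
        try:
            with scandir(directory) as it:
                entries = list(it)
        except OSError as exc:
            if exc.errno in DENIED:
                skipped.append((directory, errno.errorcode[exc.errno]))
                continue
            raise  # other errors (EIO, ENOMEM, ...) are still real failures
        for entry in entries:
            # Usually answered from the parent's listing, without a stat()
            # on the child, so a denying mount point is still classified.
            if entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
            else:
                files.append(entry.path)
    return sorted(files), skipped

def demo():
    """Constructed tree: home/user with .gvfs, docs/a.txt and notes.txt."""
    with tempfile.TemporaryDirectory() as top:
        home = os.path.join(top, "home", "user")
        os.makedirs(os.path.join(home, ".gvfs"))
        os.makedirs(os.path.join(home, "docs"))
        for name in ("notes.txt", os.path.join("docs", "a.txt")):
            with open(os.path.join(home, name), "w") as fh:
                fh.write("x")

        def scandir_denying_gvfs(path):
            # Simulated: the mount denies every user but its owner.
            if os.path.basename(path) == ".gvfs":
                raise PermissionError(errno.EACCES, os.strerror(errno.EACCES), path)
            return os.scandir(path)

        files, skipped = walk_tolerant(top, scandir_denying_gvfs)
        return ([os.path.relpath(f, top) for f in files],
                [(os.path.relpath(d, top), code) for d, code in skipped])

if __name__ == "__main__":
    print(demo())
```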