From: Ingo Schwarze
Subject: Re: Skip fuse FS by /usr/libexec/security
To: "Kirill A. Korinsky"
Cc: tech@openbsd.org, Sylvestre Gallon, Helg Bredow
Date: Wed, 15 May 2024 19:06:10 +0200

Hello Kirill,

Kirill A. Korinsky wrote on Wed, May 01, 2024 at 06:00:24PM +0200:
> "Kirill A. Korinsky" wrote:

>> With this diff security(8) skips not only non-local filesystem
>> but also filesystem which was mounted via FUSE.

> Anyone?

The fundamental idea may have some merit, but i feel unsure
since you did not explain why you think FUSE filesystems should
be skipped. I'm unsure what FUSE is used for in practice.
The fuse(4) manual does not help me in that respect. I'm not even
sure how one would typically mount a FUSE file system as /sbin/mount_fuse
does not appear to exist, nor does fuse(4) reference any other section 8
or section 1 manual pages. There are large numbers of fuse_*(3) manual
pages, so i may be missing something, but on first sight, those don't
help me either to understand what this might be used for.

On top of that, i fear your patch may be doing about the opposite
of what you supposedly intended to achieve. How exactly did you
test this patch?

Your code says:

   $opt =~ /local/ && $type == /fuse/

Only file systems matching that - i.e. only file systems that are
*both* local and fuse - will be added to the @fs array. In particular,
if no fuse filesystem is mounted, @fs will remain empty.

But right afterwards, the code says:

   return unless @fs;

So you are disabling *all* find_special_files security checks
unless at least one fuse file system is mounted?

Even if at least one fuse file system is mounted, @fs will only
contain the fuse file systems, so the following File::Find(3p)
will only iterate the fuse file systems, still disabling all checks
for all non-fuse file systems.

Sorry in case i'm totally misreading your patch...

Yours,
  Ingo

>> diff --git libexec/security/security libexec/security/security >> index 12ae7d631c3..caed0b71247 100644 >> --- libexec/security/security >> +++ libexec/security/security >> @@ -534,14 +534,14 @@ sub find_special_files { >> %skip = map { $_ => 1 } split ' ', $ENV{SUIDSKIP} >> if $ENV{SUIDSKIP}; >> >> - # Add mount points of non-local file systems >> + # Add mount points of non-local and fuse file systems >> # to the list of directories to skip. >> nag !(open my $fh, '-|', 'mount'), >> "cannot spawn mount: $!" >> and return; >> while (<$fh>) { >> - my ($path, $opt) = /\son\s+(.*?)\s+type\s+\w+(.*)/; >> - push @fs, $path if $path && $opt =~ /local/ && >> + my ($path, $type, $opt) = /\son\s+(.*?)\s+type\s+(\w+)\s+(.*)/; >> + push @fs, $path if $path && $opt =~ /local/ && $type == /fuse/ && >> !($opt =~ /nodev/ && $opt =~ /nosuid/); >> } >> close_or_nag $fh, "mount" or return;
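
Review bot: On the changed `push @fs` line, `$type == /fuse/` is a numeric comparison whose right-hand side matches `/fuse/` against `$_` (the whole line read from mount), not against `$type`, so it tests neither "type is fuse" nor "type is not fuse". Since the updated comment says fuse mount points are to be skipped, the condition should bind the pattern to `$type` and negate it, for example `$type !~ /fuse/`. The new capture pattern also requires `\s+` after the type word where the old one did not, so it is worth confirming that every line mount prints still matches, and the commit message should state why FUSE mounts are excluded from the scan.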
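
An added example (not part of the thread and not code from security(8)): it runs the hunk's regex over constructed mount(8)-style lines and lists which mount points would land in @fs under four predicates. The sample lines, the `selected` helper and the `!~` variant are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed mount(8)-style lines (not captured from a real system).
my @mount_lines = (
    '/dev/sd0a on / type ffs (local)',
    '/dev/sd0d on /tmp type ffs (local, nodev, nosuid)',
    '/dev/sd0e on /home/fusetest type ffs (local)',
    'fusefs on /mnt/fuse type fuse (local)',
    'server:/export on /mnt/nfs type nfs (nodev, nosuid)',
);

# Each predicate gets ($type, $opt). $_ still holds the whole mount line,
# as it does inside the while (<$fh>) loop of the hunk.
my @predicates = (
    [ 'original (local only)', sub { $_[1] =~ /local/ } ],
    # Numeric ==: $type numifies to 0, and /fuse/ is matched against $_.
    [ 'patch as posted (==)',  sub { no warnings 'numeric';
                                     $_[1] =~ /local/ && $_[0] == /fuse/ } ],
    [ '=~ reading from reply', sub { $_[1] =~ /local/ && $_[0] =~ /fuse/ } ],
    # Assumption: one way to express "skip fuse"; not taken from the thread.
    [ 'assumed fix (!~)',      sub { $_[1] =~ /local/ && $_[0] !~ /fuse/ } ],
);

# Hypothetical helper: returns the mount points that would land in @fs.
sub selected {
    my ($pred) = @_;
    my @fs;
    for (@mount_lines) {
        my ($path, $type, $opt) = /\son\s+(.*?)\s+type\s+(\w+)\s+(.*)/;
        push @fs, $path if $path && $pred->($type, $opt) &&
            !($opt =~ /nodev/ && $opt =~ /nosuid/);
    }
    return @fs;
}

for my $p (@predicates) {
    my @fs = selected($p->[1]);
    printf "%-24s %s\n", $p->[0], @fs ? "@fs" : '(empty)';
}
```

The ffs mount whose path happens to contain "fuse" is the line that separates the `==` form from the `!~` form.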