tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

puffs ignores filesystem permissions


it seems puffs, our userspace filesystem framework, has a serious
security issue: it is completely ignoring filesystem permissions!

This is on NetBSD 5.1:

  # rump_tmpfs tmpfs /mnt
  [ doesn't return, so switching to another terminal ]

  # cp /etc/fstab /mnt
  # chmod 700 /mnt
  # chmod 600 /mnt/fstab

--> now as a regular user:

  % cat /mnt/fstab
  [ works ]

I can reproduce this issue with all puffs, rump and fuse filesystems
(initially noticed it while testing fuse-encfs from pkgsrc).



Geert Hendrickx  -=-  -=-  PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!

Attachment: pgpaOgGQsaFNW.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index