Posted Jan 18, 2008 5:28 UTC (Fri) by jimparis (subscriber, #38647)
Parent article: Unprivileged mounts
Maybe the "thorough audit" part already covers this, but another big concern is "what does it
look like to other users?" For example, in fuse, you could make a filesystem that delayed
arbitrarily long when you tried to read a file, or made it seem like you had an infinitely
deep directory structure. If some other user's process (like an "updatedb" run by root) could
get trapped in here, it's now a DoS and potential security issue. Fuse gets around this by
simply disallowing it unless you specify "allow_other" when mounting.
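A defender-side check of the allow_other point above, as an added example that is not part of the original comment: it scans /proc/mounts-format input for FUSE mounts whose options include allow_other (or allow_root), i.e. the mounts that another user's process such as a root-run updatedb can actually walk into. The mount sources, paths and user ids in the sample are made up.

```shell
#!/bin/sh
# List FUSE mounts reachable by other users. Input is /proc/mounts format on
# stdin: "source target fstype options dump pass". A FUSE mount without
# allow_other/allow_root is only visible to the mounting user, so a slow or
# infinitely deep filesystem there can only trap that user's own processes.
fuse_allow_other_mounts() {
    awk '
        $3 == "fuse" || $3 ~ /^fuse\./ {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                if (opts[i] == "allow_other" || opts[i] == "allow_root") {
                    print $1, $2, $3, opts[i]
                    break
                }
            }
        }'
}

# Constructed sample in /proc/mounts format (hosts, paths and ids are invented).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
user@example.invalid:/ /home/user/remote fuse.sshfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
mydaemon /home/user/private fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,allow_other 0 0
mydaemon /tmp/shared fuse.myfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,allow_other,default_permissions 0 0'

# Run the check over the constructed sample; on a live system use
#   fuse_allow_other_mounts < /proc/mounts
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | fuse_allow_other_mounts
}

audit_sample
```

Only the two mounts carrying allow_other are reported; the plain sshfs mount is private to its owner and is skipped.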