Unprivileged filesystem mounts, 2018 edition

Posted May 30, 2018 23:16 UTC (Wed) by roc (subscriber, #30627)
Parent article: Unprivileged filesystem mounts, 2018 edition

Would be good to know why Ted T'so said "FUSE is a pretty terrible security boundary." So far I think he hasn't explained it in the thread.

Unprivileged filesystem mounts, 2018 edition

Posted May 31, 2018 1:50 UTC (Thu) by ncm (guest, #165) [Link]

The set Z for which "Zi is a pretty terrible security boundary" does not hold is small enough as to be statistically negligible. The burden of proof is on anyone asserting that some Zj is in that set.

Sshd (with password and challenge-response authentication turned off) might be in the set. Anything not specifically designed to be in Z can safely be assumed not to be.