~alpine/devel

1

[alpine-devel] fuse filesystems, non-root users, and grsecurity

Chris Brannon
Details
Message ID
<87fvajsia3.fsf@mushroom.localdomain>
Sender timestamp
1423201652
DKIM signature
missing
Download raw message
Yesterday, I was trying to mount an sshfs filesystem with my regular
user account, and I kept getting an error message saying: "bad
mountpoint, permission denied".
After lots of searching, I was still dumbfounded, until I had a flash of
inspiration.  I added my user to the readproc group, and voila, my
problem went away after logging out and logging in to refresh my groups.
Is there a better solution?  It seems counterintuitive that I should
have to be in the readproc group just to use sshfs.

-- Chris



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Timo Teras
Details
Message ID
<20150209094554.593b69eb@vostro>
In-Reply-To
<87fvajsia3.fsf@mushroom.localdomain> (view parent)
Sender timestamp
1423467954
DKIM signature
missing
Download raw message
On Thu, 05 Feb 2015 21:47:32 -0800
Chris Brannon <chris@the-brannons.com> wrote:

> Yesterday, I was trying to mount an sshfs filesystem with my regular
> user account, and I kept getting an error message saying: "bad
> mountpoint, permission denied".
> After lots of searching, I was still dumbfounded, until I had a flash
> of inspiration.  I added my user to the readproc group, and voila, my
> problem went away after logging out and logging in to refresh my
> groups. Is there a better solution?  It seems counterintuitive that I
> should have to be in the readproc group just to use sshfs.

Thanks for the bug report. I added a patch that should fix this. True
new fuse package available in 'edge'.

See also:
http://git.alpinelinux.org/cgit/aports/commit/main/fuse?id=b5d81e456487d4dbfbdf0d07ae6ca5cf3f59d186
http://www.openwall.com/lists/musl/2015/02/07/1
http://sourceforge.net/p/fuse/mailman/message/33378384/

Thanks,
Timo


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---