diff options
author | Jann Horn <jannh@google.com> | 2018-07-14 03:47:50 -0700 |
---|---|---|
committer | Nikolaus Rath <Nikolaus@rath.org> | 2018-07-18 20:32:28 +0100 |
commit | 5018a0c016495155ee598b7e0167b43d5d902414 (patch) | |
tree | 6a13fbb077868e91fa36b942a88105caa8093886 | |
parent | cc315f5aa7fae04e16dda419859b2995992977cd (diff) |
fusermount: refuse unknown options
Blacklists are notoriously fragile; especially if the kernel wishes to add
some security-critical mount option at a later date, all existing systems
with older versions of fusermount installed will suddenly have a security
problem.
Additionally, if the kernel's option parsing became a tiny bit laxer, the
blacklist could probably be bypassed.
Whitelist known-harmless flags instead, even if it's slightly more
inconvenient.
-rw-r--r-- | util/fusermount.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/util/fusermount.c b/util/fusermount.c index 4e0f51a..2792407 100644 --- a/util/fusermount.c +++ b/util/fusermount.c @@ -819,10 +819,16 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode, flags |= flag; else flags &= ~flag; - } else { + } else if (opt_eq(s, len, "default_permissions") || + opt_eq(s, len, "allow_other") || + begins_with(s, "max_read=") || + begins_with(s, "blksize=")) { memcpy(d, s, len); d += len; *d++ = ','; + } else { + fprintf(stderr, "%s: unknown option '%.*s'\n", progname, len, s); + exit(1); } } } |