| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The old code permits the following behavior:
$ _FUSE_COMMFD=10000 priv_strace -etrace=mount -s200 fusermount -o 'foobar=\,allow_other' mount
mount("/dev/fuse", ".", "fuse", MS_NOSUID|MS_NODEV, "foobar=\\,allow_other,fd=3,rootmode=40000,user_id=1000,group_id=1000") = -1 EINVAL (Invalid argument)
However, backslashes do not have any special meaning for the kernel here.
As it happens, you can't abuse this because there is no FUSE mount option
that takes a string value that can contain backslashes; but this is very
brittle. Don't interpret "escape characters" in places where they don't
work.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, in the kernel, copy_mount_options() copies in one page of
userspace memory (or less if some of that memory area is not mapped).
do_mount() then writes a null byte to the last byte of the copied page.
This means that mount option strings longer than PAGE_SIZE-1 bytes get
truncated silently.
Therefore, this can happen:
user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4000')" mount
sending file descriptor: Bad file descriptor
user@d9-ut:~$ grep /mount /proc/mounts
/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
user@d9-ut:~$ fusermount -u mount
user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4050')" mount
sending file descriptor: Bad file descriptor
user@d9-ut:~$ grep /mount /proc/mounts
/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=100 0 0
user@d9-ut:~$ fusermount -u mount
user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4051')" mount
sending file descriptor: Bad file descriptor
user@d9-ut:~$ grep /mount /proc/mounts
/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=10 0 0
user@d9-ut:~$ fusermount -u mount
user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4052')" mount
sending file descriptor: Bad file descriptor
user@d9-ut:~$ grep /mount /proc/mounts
/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1 0 0
user@d9-ut:~$ fusermount -u mount
I'm not aware of any context in which this is actually exploitable - you'd
still need the UIDs to fit, and you can't do it if the three GIDs of the
process don't match (in the case of a typical setgid binary), but it does
look like something that should be fixed.
I also plan to try to get this fixed on the kernel side.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Silence below warnings which appear if IGNORE_MTAB is defined.
[59/64] Compiling C object 'util/fusermount3@exe/fusermount.c.o'.
../util/fusermount.c:493:12: warning: function declaration isn't a prototype [-Wstrict-prototypes]
static int count_fuse_fs()
^~~~~~~~~~~~~
../util/fusermount.c: In function 'unmount_fuse':
../util/fusermount.c:508:46: warning: unused parameter 'quiet' [-Wunused-parameter]
static int unmount_fuse(const char *mnt, int quiet, int lazy)
^~~~~
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This brings the default behavior in-line with that of the
regular `mount` command.
|
|
|
|
|
| |
...options. Uids/gids larger than 2147483647 would result in EINVAL when
mounting the filesystem. This also needs a fix in the kernel.
|
|\ |
|
| |
| |
| |
| | |
This allows compiling fuse with musl.
|
|/ |
|
|
|
|
|
|
|
|
| |
fusermount.c: In function 'clone_newns':
fusermount.c:315:2: warning: implicit declaration of function 'clone' [-Wimplicit-function-declaration]
fusermount.c:315:44: error: 'CLONE_NEWNS' undeclared (first use in this function)
fusermount.c:315:44: note: each undeclared identifier is reported only once for each function it appears in
fusermount.c:317:1: warning: control reaches end of non-void function [-Wreturn-type]
|
|
|
|
|
|
|
|
|
|
|
| |
...with the help of vim :set spell
modified: FAQ
modified: include/fuse.h
modified: include/fuse_common.h
modified: include/fuse_opt.h
modified: lib/fuse_kern_chan.c
modified: util/fusermount.c
|
|
|
|
|
|
|
|
|
| |
fprintf(stderr, whatever); -> fprintf(stderr, "%s", whatever);
checking return values on chdir and lockf where we weren't already
modified: example/cusexmp.c
modified: example/fioclient.c
modified: util/fusermount.c
|
|
|
|
|
|
| |
When this option is specified fusermount will become a daemon and wait for the
parent to exit or die, which causes control fd to get closed. It will then try
to unmount the original mountpoint.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Reported by Marc Deslauriers
|
|
|
|
|
|
|
|
| |
This reverts commit bf5ffb5fd8558bd799791834def431c0cee5a11f.
Cleanup of mount doesn't work the way it was envisioned, because the
kernel doesn't follow mounts on the umount() call, hence it will find
a non-mounted directory.
|
|
|
|
|
|
|
| |
--no-canonicalize
Remove "legacy" util-linux support as missing --no-canonicalize cannot
be worked around in fuse.
|
| |
|
|
|
|
|
| |
In case of failure to add to /etc/mtab use same mountpoint for cleanup
as for mounting. Reported by Marc Deslauriers
|
|
|
|
|
| |
Remove unnecessary restoring of current working directory in
"fusermount -u"
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If umount(8) supports --fake and --no-canonicalize (util-linux-ng
version 2.18 or later), and umount(2) supports the UMOUNT_NOFOLLOW
flag (linux kernel version 2.6.35 or later) then, "fusermount -u" will
call the umount(2) system call and use "umount --fake ..." to update
/etc/mtab
Added --disable-legacy-umount option to configure. This disables the
runtime checking of umount(8) version. When built with this option
then "fusermount -u" will fail if umount(8) doesn't support the --fake
and --no-canonicalize options.
|
|
|
|
|
|
|
|
| |
If the "fsname=" option contained a comma then the option parser in
fusermount was confused (Novell bugzilla #641480). Fix by escaping
commas when passing them over to fusermount.
Reported by Jan Engelhardt
|
|
|
|
|
|
| |
Viro
* Fix umounting if /tmp is a symlink. Reported by Franco Broi
|
| |
|
|
|
|
|
|
|
| |
Reported by Dan Rosenberg
* Make sure that the path to be unmounted doesn't refer to a
symlink
|
|
|
|
| |
Patch by Sebastian Harl
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
'fuseblk' filesystem type
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|