aboutsummaryrefslogtreecommitdiff
path: root/util/fusermount.c
Commit message (Collapse)AuthorAge
* fusermount: don't feed "escaped commas" into mount optionsGravatar Jann Horn2018-07-18
| | | | | | | | | | | | | | The old code permits the following behavior: $ _FUSE_COMMFD=10000 priv_strace -etrace=mount -s200 fusermount -o 'foobar=\,allow_other' mount mount("/dev/fuse", ".", "fuse", MS_NOSUID|MS_NODEV, "foobar=\\,allow_other,fd=3,rootmode=40000,user_id=1000,group_id=1000") = -1 EINVAL (Invalid argument) However, backslashes do not have any special meaning for the kernel here. As it happens, you can't abuse this because there is no FUSE mount option that takes a string value that can contain backslashes; but this is very brittle. Don't interpret "escape characters" in places where they don't work.
* fusermount: prevent silent truncation of mount optionsGravatar Jann Horn2018-07-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, in the kernel, copy_mount_options() copies in one page of userspace memory (or less if some of that memory area is not mapped). do_mount() then writes a null byte to the last byte of the copied page. This means that mount option strings longer than PAGE_SIZE-1 bytes get truncated silently. Therefore, this can happen: user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4000')" mount sending file descriptor: Bad file descriptor user@d9-ut:~$ grep /mount /proc/mounts /dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0 user@d9-ut:~$ fusermount -u mount user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4050')" mount sending file descriptor: Bad file descriptor user@d9-ut:~$ grep /mount /proc/mounts /dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=100 0 0 user@d9-ut:~$ fusermount -u mount user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4051')" mount sending file descriptor: Bad file descriptor user@d9-ut:~$ grep /mount /proc/mounts /dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=10 0 0 user@d9-ut:~$ fusermount -u mount user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4052')" mount sending file descriptor: Bad file descriptor user@d9-ut:~$ grep /mount /proc/mounts /dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1 0 0 user@d9-ut:~$ fusermount -u mount I'm not aware of any context in which this is actually exploitable - you'd still need the UIDs to fit, and you can't do it if the three GIDs of the process don't match (in the case of a typical setgid binary), but it does look like something that should be fixed. I also plan to try to get this fixed on the kernel side.
* Fix compile-time warnings on IGNORE_MTABGravatar Tomohiro Kusumi2018-05-08
| | | | | | | | | | | | | Silence below warnings which appear if IGNORE_MTAB is defined. [59/64] Compiling C object 'util/fusermount3@exe/fusermount.c.o'. ../util/fusermount.c:493:12: warning: function declaration isn't a prototype [-Wstrict-prototypes] static int count_fuse_fs() ^~~~~~~~~~~~~ ../util/fusermount.c: In function 'unmount_fuse': ../util/fusermount.c:508:46: warning: unused parameter 'quiet' [-Wunused-parameter] static int unmount_fuse(const char *mnt, int quiet, int lazy) ^~~~~
* Rename more things from fuse to fuse3Gravatar Przemysław Pawełczyk2016-11-28
|
* Fix memory leak in fusermount.Gravatar Nikolaus Rath2016-10-28
|
* Removed obsolete FUSE_DEV_OLDGravatar Nikolaus Rath2016-10-27
|
* Removed -o nonempty optionGravatar Nikolaus Rath2016-10-15
| | | | | This brings the default behavior in-line with that of the regular `mount` command.
* fusermount, libfuse: send value as unsigned in "user_id=" and "group_id="Gravatar Miklos Szeredi2014-07-15
| | | | | ...options. Uids/gids larger than 2147483647 would result in EINVAL when mounting the filesystem. This also needs a fix in the kernel.
* Merge remote-tracking branch 'origin/fuse_2_9_bugfix'Gravatar Miklos Szeredi2013-08-26
|\
| * Add missing includesGravatar Daniel Thau2013-08-26
| | | | | | | | This allows compiling fuse with musl.
* | Print help on stdout instead of stderrGravatar Miklos Szeredi2013-07-26
|/
* Fix the following compile errorGravatar Miklos Szeredi2011-11-17
| | | | | | | | fusermount.c: In function 'clone_newns': fusermount.c:315:2: warning: implicit declaration of function 'clone' [-Wimplicit-function-declaration] fusermount.c:315:44: error: 'CLONE_NEWNS' undeclared (first use in this function) fusermount.c:315:44: note: each undeclared identifier is reported only once for each function it appears in fusermount.c:317:1: warning: control reaches end of non-void function [-Wreturn-type]
* Spell checking comments, etc...Gravatar Reuben Hawkins2011-05-25
| | | | | | | | | | | ...with the help of vim :set spell modified: FAQ modified: include/fuse.h modified: include/fuse_common.h modified: include/fuse_opt.h modified: lib/fuse_kern_chan.c modified: util/fusermount.c
* cleaning up warningsGravatar Reuben Hawkins2011-05-23
| | | | | | | | | fprintf(stderr, whatever); -> fprintf(stderr, "%s", whatever); checking return values on chdir and lockf where we weren't already modified: example/cusexmp.c modified: example/fioclient.c modified: util/fusermount.c
* fusermount: Added support for auto_unmount optionGravatar Max Krasnyansky2011-04-15
| | | | | | When this option is specified fusermount will become a daemon and wait for the parent to exit or die, which causes control fd to get closed. It will then try to unmount the original mountpoint.
* Check the 'mtablock' for negative valueGravatar Laszlo Papp2011-03-30
|
* fusermount: clean up do_mount() functionGravatar Miklos Szeredi2011-03-30
|
* Eliminate the unused valueGravatar Laszlo Papp2011-03-30
|
* Fix resource leaks in fusermountGravatar Laszlo Papp2011-03-30
|
* In case of failure to add to /etc/mtab don't umount.Gravatar Miklos Szeredi2011-03-11
| | | | Reported by Marc Deslauriers
* Revert "Fix cleanup in case of failed mount"Gravatar Miklos Szeredi2011-03-11
| | | | | | | | This reverts commit bf5ffb5fd8558bd799791834def431c0cee5a11f. Cleanup of mount doesn't work the way it was envisioned, because the kernel doesn't follow mounts on the umount() call, hence it will find a non-mounted directory.
* fusermount: only allow mount and umount if util-linux suppports ↵Gravatar Miklos Szeredi2011-01-31
| | | | | | | --no-canonicalize Remove "legacy" util-linux support as missing --no-canonicalize cannot be worked around in fuse.
* fusermount: chdir to / before performing mount/umountGravatar Miklos Szeredi2011-01-31
|
* Fix cleanup in case of failed mountGravatar Miklos Szeredi2011-01-31
| | | | | In case of failure to add to /etc/mtab use same mountpoint for cleanup as for mounting. Reported by Marc Deslauriers
* fusermount: don't save/restore cwdGravatar Miklos Szeredi2010-11-08
| | | | | Remove unnecessary restoring of current working directory in "fusermount -u"
* update umount procedureGravatar Miklos Szeredi2010-11-08
| | | | | | | | | | | | | If umount(8) supports --fake and --no-canonicalize (util-linux-ng version 2.18 or later), and umount(2) supports the UMOUNT_NOFOLLOW flag (linux kernel version 2.6.35 or later) then, "fusermount -u" will call the umount(2) system call and use "umount --fake ..." to update /etc/mtab Added --disable-legacy-umount option to configure. This disables the runtime checking of umount(8) version. When built with this option then "fusermount -u" will fail if umount(8) doesn't support the --fake and --no-canonicalize options.
* Fix option escaping for fusermount.Gravatar Miklos Szeredi2010-09-28
| | | | | | | | If the "fsname=" option contained a comma then the option parser in fusermount was confused (Novell bugzilla #641480). Fix by escaping commas when passing them over to fusermount. Reported by Jan Engelhardt
* * Fix checking for symlinks in umount from /tmp. Reported by AlGravatar Miklos Szeredi2010-04-26
| | | | | | Viro * Fix umounting if /tmp is a symlink. Reported by Franco Broi
* * Fix stack alignment for clone()Gravatar Miklos Szeredi2010-02-18
|
* * Fix race if two "fusermount -u" instances are run in parallel.Gravatar Miklos Szeredi2010-01-26
| | | | | | | Reported by Dan Rosenberg * Make sure that the path to be unmounted doesn't refer to a symlink
* * fusermount: Do not silently ignore command line arguments.Gravatar Miklos Szeredi2009-07-02
| | | | Patch by Sebastian Harl
* Update warning message for missing newline at end of fuse.confGravatar Miklos Szeredi2008-04-09
|
* Fix memory leaks on mountGravatar Miklos Szeredi2008-03-25
|
* change indentingGravatar Miklos Szeredi2007-12-12
|
* Add fs subtype support to libfuse and fusermountGravatar Miklos Szeredi2007-06-20
|
* libfuse: call umount(8) directly...Gravatar Miklos Szeredi2007-04-27
|
* update copyright datesGravatar Miklos Szeredi2007-04-25
|
* *** empty log message ***Gravatar Miklos Szeredi2007-04-25
|
* merge up to fuse_2_6_merge1Gravatar Miklos Szeredi2007-01-19
|
* mounting fixesGravatar Miklos Szeredi2006-12-10
|
* build fixesGravatar Miklos Szeredi2006-12-04
|
* Print a more helpful message in case the kernel doesn't support the ↵Gravatar Miklos Szeredi2006-11-29
| | | | 'fuseblk' filesystem type
* fusermount: don't try to create a lock file if /etc/mtab is a symlinkGravatar Miklos Szeredi2006-10-18
|
* fusermount: revert modprobe changeGravatar Miklos Szeredi2006-09-30
|
* bmap supportGravatar Miklos Szeredi2006-09-30
|
* fixGravatar Miklos Szeredi2006-09-02
|
* fusermount improvementGravatar Miklos Szeredi2006-08-18
|
* fixesGravatar Miklos Szeredi2006-07-30
|
* fixGravatar Miklos Szeredi2006-07-14
|
* fixGravatar Miklos Szeredi2006-01-09
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-21 07:45:53 +0000