From e2e23c9379c745db2c8d48bbd8298720b13b56c5 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Tue, 5 Jul 2005 12:47:24 +0000 Subject: fix --- doc/kernel.txt | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/kernel.txt b/doc/kernel.txt index 0331ccc..1451d11 100644 --- a/doc/kernel.txt +++ b/doc/kernel.txt @@ -41,6 +41,24 @@ using the sftp protocol. Mount options ~~~~~~~~~~~~~ +'fd=N' + + The file descriptor to use for communication between the userspace + filesystem and the kernel. The file descriptor must have been + obtained by opening the FUSE device ('/dev/fuse'). + +'rootmode=M' + + The file mode of the filesystem's root in octal representation. + +'user_id=N' + + The numeric user id of the mount owner. + +'group_id=N' + + The numeric group id of the mount owner. + 'default_permissions' By default FUSE doesn't check file access permissions, the @@ -148,14 +166,14 @@ How are requirements fulfilled? 2) Even if 1) is solved the mount owner can change the behavior of other users' processes. - - It can slow down or indefinitely delay the execution of a + i) It can slow down or indefinitely delay the execution of a filesystem operation creating a DoS against the user or the whole system. For example a suid application locking a system file, and then accessing a file on the mount owner's filesystem could be stopped, and thus causing the system file to be locked forever. - - It can present files or directories of unlimited length, or + ii) It can present files or directories of unlimited length, or directory structures of unlimited depth, possibly causing a system process to eat up diskspace, memory or other resources, again causing DoS. 
@@ -168,6 +186,11 @@ How are requirements fulfilled? ptrace can be used to check if a process is allowed to access the filesystem or not. + Note that the ptrace check is not strictly necessary to + prevent B/2/i, it is enough to check if mount owner has enough + privilege to send signal to the process accessing the + filesystem, since SIGSTOP can be used to get a similar effect. + I think these limitations are unacceptable? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3
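Review bot: in the first hunk (the new 'fd=N', 'rootmode=M', 'user_id=N' and 'group_id=N' entries) the options are documented without saying whether they are mandatory or how the kernel treats them. 'fd=N' says the descriptor must have been obtained by opening '/dev/fuse', but does not say that anything else is rejected, and 'user_id=N' / 'group_id=N' do not say whether the values must match the credentials of the process performing the mount or may be chosen freely by a privileged mounter. Since the rest of this file reasons about what the "mount owner" can and cannot do, one sentence stating which value the kernel enforces (and that it is not simply trusted from the option string) would close that gap.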
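Review bot: in the second hunk, relabelling the two bullets as 'i)' and 'ii)' gives the later cross-reference 'B/2/i' something to point at, but the visible context shows only '2)' and 'i)'; make sure the enclosing section in the unchanged text is actually labelled 'B', otherwise the reference resolves to nothing. While these lines are being touched: 'eat up diskspace' should be 'eat up disk space', and 'could be stopped, and thus causing the system file to be locked forever' reads better as 'could be stopped, thus causing the system file to be locked forever'.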
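Review bot: the third hunk's added note argues that a signal-privilege check is enough for B/2/i because SIGSTOP gives the same delay effect, but it leaves the preceding ptrace sentence in place without saying which of the two checks the kernel actually performs, and it says nothing about B/2/ii, which a signal check does not address at all; state which check is implemented and make explicit that the note applies only to the delay/DoS case. Minor wording: 'check if mount owner has enough privilege to send signal to the process' should read 'check whether the mount owner has enough privilege to send a signal to the process'.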