fuse (Was Re: early-gdm redux)
David Zeuthen
davidz at redhat.com
Thu Sep 20 18:38:46 UTC 2007
On Tue, 2007-09-18 at 19:41 +0200, Thorsten Leemhuis wrote:
> I got a new laptop three months ago. It came with Windows and thus a
> NTFS partition which I only made smaller, but did not remove --
> /dev/sda3 to be precise:
>
> $ ls -l /dev/sda3
> brw-r----- 1 root disk 8, 3 14. Sep 16:10 /dev/sda3
FWIW, just doing
$ gnome-mount -d /dev/sda3
or double-clicking the appropriate icon it in Nautilus is how it works
in Fedora 8. You may need to go through a one-time-pain dialog to enter
either your own or the root password.
[...]
> Which brings me to my questions: Can somebody please explain why the
> above it working? Does it mean that if I write my own malicious
> fuse.ext3 userspace driver that I can mount each and every block-device
> on my system and read or modify the files on it (all by using fuse)?
Probably. Someone better fix fuse to not allow this.
David
More information about the desktop
mailing list