Ticket #45 (new defect)
Opened 15 months ago
a way to bypass file read permissions using fuse client:
Reported by: hubcap
Owned by: parl
Keywords: fuse kernel module permissions bypass
Cc:
This bug was reported by Andrew Savchenko, bircoph@…...
On Mon, 12 Mar 2012 19:56:14 -0400 Kevin Stone wrote:
The invalid argument on chmod in fuse is fixed here:
Thanks, it works. Though I found a way to bypass file read
permissions using fuse client:
1) Mount pvfs2 using pvfs2-client.
2) do as root:
# touch secret_file
# chmod 0600 secret_file
# echo secret_data > secret_file
3) do as user:
$ pvfs2fuse -o fs_spec=" tcp://host:3334/pvfs2-fs" mountpoint
$ ll secret_file
-rw------- 0 root root 12 Mar 13 19:58 secret_file
$ cat secret_file
Parent directory is owned by root.
This works only for data read, you can't delete or modify file.
pvfs2-client works normally.
This doesn't work for directories, files only.
With default_permissions fuse option this also works as expected.
I know, security is not a primary goal for PVFS2 and most of
distributed file systems, but nevertheless it will be good to fix
this as well.
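
The report notes that the bypass disappears when the FUSE mount uses default_permissions, the option that makes the kernel enforce file mode bits instead of leaving access checks to the filesystem daemon. The following audit check is an added example, not part of the ticket or of PVFS2: it lists FUSE mounts that lack that option. The function name, the sample mount lines and the device and fstype strings shown for a pvfs2fuse mount are constructed assumptions.

```shell
#!/bin/sh
# Added example: report FUSE mounts that were mounted without
# default_permissions, i.e. where the kernel does not enforce mode bits.

# Constructed sample in /proc/mounts format
# (device mountpoint fstype options dump pass). Not taken from a real host.
sample_mounts() {
    cat <<'EOF'
pvfs2fuse /home/user/mountpoint fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
pvfs2fuse /mnt/checked fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
tcp://host:3334/pvfs2-fs /mnt/pvfs2 pvfs2 rw,relatime 0 0
EOF
}

# fuse_without_default_permissions [MOUNTS_FILE]
# MOUNTS_FILE defaults to /proc/mounts; "-" reads standard input.
# Prints "mountpoint fstype" for each FUSE mount lacking the option.
fuse_without_default_permissions() {
    mounts_file="${1:-/proc/mounts}"
    awk '
        # Match fuse, fuse.<subtype> and fuseblk; fusectl is the control
        # filesystem and is deliberately not matched.
        $3 == "fuse" || $3 == "fuseblk" || $3 ~ /^fuse\./ {
            n = split($4, opts, ",")
            found = 0
            # Compare whole option tokens so substrings cannot match.
            for (i = 1; i <= n; i++)
                if (opts[i] == "default_permissions") found = 1
            if (!found) print $2, $3
        }
    ' "$mounts_file"
}

# Demonstration on the constructed sample.
sample_mounts | fuse_without_default_permissions -
```

On a live system, call `fuse_without_default_permissions` with no argument to read /proc/mounts.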