Re: HEAD'S UP: fusefs sysctls going away

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Thu, 21 Mar 2019 11:48:17 -0400

Hey Alan,

Thank you very much for your work in maintaining fusefs. I only use
fusefs in very limited circumstances, so take what I'm about to say
with a grain of salt.

On Thu, Mar 21, 2019 at 09:43:07AM -0600, Alan Somers wrote:
> fusefs has several sysctl knobs that seem to be workarounds for bugs
> in particular fuse daemons.  However, there is no indication as to
> which those daemons are, neither in the code nor in SVN.  All of the
> workarounds are at least 6.5 years old, so the original bugs may have
> been fixed already.  Since the original bugs aren't documented, I
> consider these workarounds to be unmaintainable, and I'm planning to
> delete them unless anybody objects.  Please pipe up if you still use
> them!
> 
> vfs.fusefs.mmap_enable: If non-zero, and data_cache_mode is also
> non-zero, enable mmap(2) of FUSE files

I'm curious about the security impacts of removing the toggle to disable
mmap support for fusefs. Is there a per-fusefs replacement for
mmap_enable? From a security perspective, it would be nice to keep the
ability to disable mapping of files mounted on a fusefs.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
Tor+XMPP+OTR:        lattera_at_is.a.hacker.sx
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

Received on Thu Mar 21 2019 - 14:49:03 UTC
