Currently, in the kernel, copy_mount_options() copies in one page of
userspace memory (or less if some of that memory area is not mapped).
do_mount() then writes a null byte to the last byte of the copied page.
This means that mount option strings longer than PAGE_SIZE-1 bytes get
truncated silently.

Therefore, this can happen:

user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4000')" mount
sending file descriptor: Bad file descriptor
user@d9-ut:~$ grep /mount /proc/mounts
/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
user@d9-ut:~$ fusermount -u mount
user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4050')" mount
sending file descriptor: Bad file descriptor
user@d9-ut:~$ grep /mount /proc/mounts
/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=100 0 0
user@d9-ut:~$ fusermount -u mount
user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4051')" mount
sending file descriptor: Bad file descriptor
user@d9-ut:~$ grep /mount /proc/mounts
/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=10 0 0
user@d9-ut:~$ fusermount -u mount
user@d9-ut:~$ _FUSE_COMMFD=10000 fusermount -o "$(perl -e 'print ","x4052')" mount
sending file descriptor: Bad file descriptor
user@d9-ut:~$ grep /mount /proc/mounts
/dev/fuse /home/user/mount fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1 0 0
user@d9-ut:~$ fusermount -u mount

I'm not aware of any context in which this is actually exploitable - you'd
still need the UIDs to fit, and you can't do it if the three GIDs of the
process don't match (in the case of a typical setgid binary), but it does
look like something that should be fixed.

I also plan to try to get this fixed on the kernel side.
|
|
Silence below warnings which appear if IGNORE_MTAB is defined.
[59/64] Compiling C object 'util/fusermount3@exe/fusermount.c.o'.
../util/fusermount.c:493:12: warning: function declaration isn't a prototype [-Wstrict-prototypes]
static int count_fuse_fs()
^~~~~~~~~~~~~
../util/fusermount.c: In function 'unmount_fuse':
../util/fusermount.c:508:46: warning: unused parameter 'quiet' [-Wunused-parameter]
static int unmount_fuse(const char *mnt, int quiet, int lazy)
^~~~~
|
|
This brings the default behavior in-line with that of the
regular `mount` command.
|
|
...options. Uids/gids larger than 2147483647 would result in EINVAL when
mounting the filesystem. This also needs a fix in the kernel.
|
|
This allows compiling fuse with musl.
|
|
fusermount.c: In function 'clone_newns':
fusermount.c:315:2: warning: implicit declaration of function 'clone' [-Wimplicit-function-declaration]
fusermount.c:315:44: error: 'CLONE_NEWNS' undeclared (first use in this function)
fusermount.c:315:44: note: each undeclared identifier is reported only once for each function it appears in
fusermount.c:317:1: warning: control reaches end of non-void function [-Wreturn-type]
|
|
...with the help of vim :set spell
modified: FAQ
modified: include/fuse.h
modified: include/fuse_common.h
modified: include/fuse_opt.h
modified: lib/fuse_kern_chan.c
modified: util/fusermount.c
|
|
fprintf(stderr, whatever); -> fprintf(stderr, "%s", whatever);
checking return values on chdir and lockf where we weren't already
modified: example/cusexmp.c
modified: example/fioclient.c
modified: util/fusermount.c
|
|
When this option is specified fusermount will become a daemon and wait for the
parent to exit or die, which causes control fd to get closed. It will then try
to unmount the original mountpoint.
|
|
Reported by Marc Deslauriers
|
|
This reverts commit bf5ffb5fd8558bd799791834def431c0cee5a11f.
Cleanup of mount doesn't work the way it was envisioned, because the
kernel doesn't follow mounts on the umount() call, hence it will find
a non-mounted directory.
|
|
--no-canonicalize
Remove "legacy" util-linux support as missing --no-canonicalize cannot
be worked around in fuse.
|
|
In case of failure to add to /etc/mtab use same mountpoint for cleanup
as for mounting. Reported by Marc Deslauriers
|
|
Remove unnecessary restoring of current working directory in
"fusermount -u"
|
|
If umount(8) supports --fake and --no-canonicalize (util-linux-ng
version 2.18 or later), and umount(2) supports the UMOUNT_NOFOLLOW
flag (linux kernel version 2.6.35 or later) then, "fusermount -u" will
call the umount(2) system call and use "umount --fake ..." to update
/etc/mtab
Added --disable-legacy-umount option to configure. This disables the
runtime checking of umount(8) version. When built with this option
then "fusermount -u" will fail if umount(8) doesn't support the --fake
and --no-canonicalize options.
|
|
If the "fsname=" option contained a comma then the option parser in
fusermount was confused (Novell bugzilla #641480). Fix by escaping
commas when passing them over to fusermount.
Reported by Jan Engelhardt
|
|
Viro
* Fix umounting if /tmp is a symlink. Reported by Franco Broi
|
|
Reported by Dan Rosenberg
* Make sure that the path to be unmounted doesn't refer to a
symlink
|
|
Patch by Sebastian Harl
|
|
'fuseblk' filesystem type