41 строка
1.3 KiB
Diff
41 строка
1.3 KiB
Diff
From 5018a0c016495155ee598b7e0167b43d5d902414 Mon Sep 17 00:00:00 2001
|
|
From: Jann Horn <jannh@google.com>
|
|
Date: Sat, 14 Jul 2018 03:47:50 -0700
|
|
Subject: [PATCH] fusermount: refuse unknown options
|
|
|
|
Blacklists are notoriously fragile; especially if the kernel wishes to add
|
|
some security-critical mount option at a later date, all existing systems
|
|
with older versions of fusermount installed will suddenly have a security
|
|
problem.
|
|
Additionally, if the kernel's option parsing became a tiny bit laxer, the
|
|
blacklist could probably be bypassed.
|
|
|
|
Whitelist known-harmless flags instead, even if it's slightly more
|
|
inconvenient.
|
|
---
|
|
util/fusermount.c | 8 +++++++-
|
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/util/fusermount.c b/util/fusermount.c
|
|
index 4e0f51a3..27924073 100644
|
|
--- a/util/fusermount.c
|
|
+++ b/util/fusermount.c
|
|
@@ -819,10 +819,16 @@ static int do_mount(const char *mnt, char **typep, mode_t rootmode,
|
|
flags |= flag;
|
|
else
|
|
flags &= ~flag;
|
|
- } else {
|
|
+ } else if (opt_eq(s, len, "default_permissions") ||
|
|
+ opt_eq(s, len, "allow_other") ||
|
|
+ begins_with(s, "max_read=") ||
|
|
+ begins_with(s, "blksize=")) {
|
|
memcpy(d, s, len);
|
|
d += len;
|
|
*d++ = ',';
|
|
+ } else {
|
|
+ fprintf(stderr, "%s: unknown option '%.*s'\n", progname, len, s);
|
|
+ exit(1);
|
|
}
|
|
}
|
|
}
|