108 lines
4.0 KiB

  1. libfuse
  2. =======
  3. Warning: unresolved security issue
  4. ----------------------------------
  5. Be aware that FUSE has an unresolved security bug
  6. ([bug #15](https://github.com/libfuse/libfuse/issues/15)): the
  7. permission check for accessing a cached directory is only done once
  8. when the directory entry is first loaded into the cache. Subsequent
  9. accesses will re-use the results of the first check, even if the
  10. directory permissions have since changed, and even if the subsequent
  11. access is made by a different user.
  12. This bug needs to be fixed in the Linux kernel and has been known
  13. since 2006 but unfortunately no fix has been applied yet. If you
  14. depend on correct permission handling for FUSE file systems, the only
  15. workaround is to completely disable caching of directory
  16. entries. Alternatively, the severity of the bug can be somewhat
  17. reduced by not using the `allow_other` mount option.
  18. About
  19. -----
  20. FUSE (Filesystem in Userspace) is an interface for userspace programs
  21. to export a filesystem to the Linux kernel. The FUSE project consists
  22. of two components: the *fuse* kernel module (maintained in the regular
  23. kernel repositories) and the *libfuse* userspace library (maintained
  24. in this repository). libfuse provides the reference implementation
  25. for communicating with the FUSE kernel module.
  26. A FUSE file system is typically implemented as a standalone
  27. application that links with libfuse. libfuse provides functions to
  28. mount the file system, unmount it, read requests from the kernel, and
  29. send responses back. libfuse offers two APIs: a "high-level",
  30. synchronous API, and a "low-level" asynchronous API. In both cases,
  31. incoming requests from the kernel are passed to the main program using
  32. callbacks. When using the high-level API, the callbacks may work with
  33. file names and paths instead of inodes, and processing of a request
  34. finishes when the callback function returns. When using the low-level
  35. API, the callbacks must work with inodes and responses must be sent
  36. explicitly using a separate set of API functions.
  37. Installation
  38. ------------
  39. ./configure
  40. make -j8
  41. make install
  42. You may also need to add `/usr/local/lib` to `/etc/ld.so.conf` and/or
  43. run *ldconfig*. If you're building from the git repository (instead of
  44. using a release tarball), you also need to run `./makeconf.sh` to
  45. create the `configure` script.
  46. You'll also need a fuse kernel module (Linux kernels 2.6.14 or later
  47. contain FUSE support).
  48. For more details see the file `INSTALL`
  49. Security implications
  50. ---------------------
  51. If you run `make install`, the *fusermount* program is installed
  52. set-user-id to root. This is done to allow normal users to mount
  53. their own filesystem implementations.
  54. There must however be some limitations, in order to prevent Bad User from
  55. doing nasty things. Currently those limitations are:
  56. - The user can only mount on a mountpoint, for which it has write
  57. permission
  58. - The mountpoint is not a sticky directory which isn't owned by the
  59. user (like /tmp usually is)
  60. - No other user (including root) can access the contents of the
  61. mounted filesystem (though this can be relaxed by allowing the use
  62. of the `allow_other` and `allow_root` mount options in `fuse.conf`)
  63. Building your own filesystem
  64. ------------------------------
  65. FUSE comes with several example file systems in the `examples`
  66. directory. For example, the *fusexmp* example mirrors the contents of
  67. the root directory under the mountpoint. Start from there and adapt
  68. the code!
  69. The documentation of the API functions and necessary callbacks is
  70. mostly contained in the files `include/fuse.h` (for the high-level
  71. API) and `include/fuse_lowlevel.h` (for the low-level API). An
  72. autogenerated html version of the API is available in the `doc/html`
  73. directory and at http://libfuse.github.io/doxygen.
  74. Getting Help
  75. ------------
  76. If you need help, please ask on the <fuse-devel@lists.sourceforge.net>
  77. mailing list (subscribe at
  78. https://lists.sourceforge.net/lists/listinfo/fuse-devel).
  79. Please report any bugs on the GitHub issue tracker at
  80. https://github.com/libfuse/main/issues.