- $ mkdir mnt
- $ bindfs /tmp mnt
- fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf
- $ bindfs --no-allow-other /tmp mnt
- $ mkdir /tmp/mnt2
- $ bindfs --no-allow-other /tmp mnt/mnt2
- fusermount: bad mount point /home/alan/mnt/mnt2: Permission denied
- $ sudo ls mnt/
- ls: cannot open directory 'mnt/': Permission denied
- $ ls -l $(which fusermount)
- -rwsr-xr-x. 1 root root 32848 Feb 7 2018 /usr/bin/fusermount
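- ^ set-uid bit (the 's' in -rwsr-xr-x; the file is owned by root, so fusermount normally runs with root's effective UID)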
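- strace -f bindfs ...
- ^ run here as uid 1000: a set-uid binary executed under ptrace by an unprivileged tracer does not gain its privileges, which is presumably why mount() fails with EPERM and setfsuid(1000) returns 1000 in the pid-prefixed trace below
- sudo perf trace -o trace.txt -a sleep 2; sleep 1; bindfs ...
- ^ system-wide trace taken as root without ptrace, so the set-uid bit is still honoured; in the second trace below, setfsuid(uid: 1000) returns 0, i.e. the previous fsuid was root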
- [pid 30609] mount("/home/alan-sysop/mnt", ".", "fuse", MS_NOSUID|MS_NODEV, "default_permissions,fd=5,rootmod"...) = -1 EPERM (Operation not permitted)
- [pid 30609] getuid() = 1000
- [pid 30609] setfsuid(1000) = 1000
- [pid 30609] getgid() = 1000
- [pid 30609] setfsgid(1000) = 1000
- [pid 30609] openat(AT_FDCWD, "/etc/fuse.conf", O_RDONLY) = 6
- ...
- [pid 30609] lstat("/home/alan-sysop/mnt", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
- [pid 30609] getuid() = 1000
- [pid 30609] chdir("/home/alan-sysop/mnt") = 0
- [pid 30609] lstat(".", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0
- [pid 30609] access(".", W_OK) = 0
- [pid 30609] getuid() = 1000
- [pid 30609] setfsuid(1000) = 1000
- [pid 30609] setfsgid(1000) = 1000
- getuid( ) = 1000
- setfsuid(uid: 1000 ) = 0
- getgid( ) = 1000
- setfsgid(gid: 1000 ) = 1000
- openat(dfd: CWD, filename: 0xa428e2bc ) = 6
- ...
- close(fd: 6 ) = 0
- lstat(filename: 0xa63882a0, statbuf: 0x7ffe7bd4f6d0 ) = 0
- getuid( ) = 1000
- chdir(filename: 0xa63882a0 ) = 0
- lstat(filename: 0xa428eca5, statbuf: 0x7ffe7bd4f6d0 ) = 0
- access(filename: 0xa428eca5, mode: W ) = 0
- getuid( ) = 1000
- setfsuid( ) = 1000
- setfsgid(gid: 1000 ) = 1000
- getuid( ) = 1000