Date: Thu, 21 Mar 2019 11:48:17 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Alan Somers <asomers@freebsd.org> Cc: FreeBSD CURRENT <freebsd-current@freebsd.org>, freebsd-fs <freebsd-fs@freebsd.org> Subject: Re: HEAD'S UP: fusefs sysctls going away Message-ID: <20190321154817.2lgwjzl4o2urlmdw@mutt-hbsd> In-Reply-To: <CAOtMX2i9qwhNTdCgNxxUOmf=FZAOmD7w=T8vmvyF-9-P0iw-CQ@mail.gmail.com> References: <CAOtMX2i9qwhNTdCgNxxUOmf=FZAOmD7w=T8vmvyF-9-P0iw-CQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--bdgmafmfgs34qa4w Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hey Alan, Thank you very much for your work in maintaining fusefs. I only use fusefs in very limited circumstances, so take what I'm about to say with a grain of salt. On Thu, Mar 21, 2019 at 09:43:07AM -0600, Alan Somers wrote: > fusefs has several sysctl knobs that seem to be workarounds for bugs > in particular fuse daemons. However, there is no indication as to > which those daemons are, neither in the code nor in SVN. All of the > workarounds are at least 6.5 years old, so the original bugs may have > been fixed already. Since the original bugs aren't documented, I > consider these workarounds to be unmaintainable, and I'm planning to > delete them unless anybody objects. Please pipe up if you still use > them! >=20 > vfs.fusefs.mmap_enable: If non-zero, and data_cache_mode is also > non-zero, enable mmap(2) of FUSE files I'm curious if the security impacts of removing the toggle to disable mmap support for fusefs. Is there a per-fusefs replacement for mmap_enable? From a security perspective, it would be nice to keep the ability to disable mapping of files mounted on a fusefs. Thanks, --=20 Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: lattera@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --bdgmafmfgs34qa4w Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEKrq2ve9q9Ia+iT2eaoRlj1JFbu4FAlyTsjwACgkQaoRlj1JF bu4hYQ/9HMjVkNGD/f4Ww+73pu+4cmA6Uf3Jg63HdrBTrlo2GTPQ/+LvCvliiFcp 9ToSlF3cDQ5lXx3cIDRD4YsfcxvEj5VAw4g6HRPyIKIngA2WphrX2+MYallAq9mI z+Yk7FIb/T5/v7HHHH266iZAIDN43j2k2fr2odw01M4RPM/y7dXpJJOzA+dMsUup TAw9P+spa/R//6YXy80JcEJsrPN1YyoYmGmmlHdB084vN2Vr3Yd/8PVZfPbNeYXo D5FVGHHoGxUKqv5f76Ighgievl2Hg1taDyEhfH6S954TbqcX0lFQNB6X/txDbCiy l14ihYsDwrq/zbBQHFWQMnfmLM0UZo2mGF3XM2Q/4qbRHw/TLUeAO01Xjilj9sZp npks65bJ9t2EIpe6LxM1ZYGUSoRp/jIN52KBr6mlj5tp6TdCA0clfi/XsDrE4cXg E9rZwv791MF64CCEjgLGKKZ9yUcvyzB6esocg7IKYdEIc15fqQMISgFyj9V0UsJV kiObS0bmX232KkyqSRgRVqF6A+23fmgqKPjX7MXunHtpQeX0mULxNVjylWto5mhi OP5GwcTFti64ZNa9t/QVg7pQX7uKQCTyb1iY2opTpqCTxbCJWWM/xYadOSk9WAiy +vwl4ZaXmj6Aw1PudyNs/T0H78jzXI2l8homLHjBeaFjCulZCgE= =v3qm -----END PGP SIGNATURE----- --bdgmafmfgs34qa4w--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20190321154817.2lgwjzl4o2urlmdw>