fuse and glibc?

fuse and glibc?

by BJL

Hi, new to FUSE here.  I was trying to understand how it worked, and saw
this diagram: http://fuse.sourceforge.net/fuse_structure.png

Just to be sure, this is _not_ implying that FUSE only works with glibc
right?  That is, if an application happens to be using another library (eg
bionic, dietlibc, etc), its filesystem calls are still properly directed to
the FUSE kernel module right?

Thanks in advance for any replies.
- Nescio
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
fuse-devel mailing list
fuse-devel@...
https://lists.sourceforge.net/lists/listinfo/fuse-devel

Re: fuse and glibc?

by Bugzilla from rudd-o@rudd-o.com

What I know is, any libc should work (Mac's does). You are welcome to try.

Sent from my iPhone

On Nov 7, 2009, at 20:23, Nescio Nomen <nescionomen@...> wrote:

> Hi, new to FUSE here.  I was trying to understand how it worked, and saw
> this diagram: http://fuse.sourceforge.net/fuse_structure.png
>
> Just to be sure, this is _not_ implying that FUSE only works with glibc
> right?  That is, if an application happens to be using another library (eg
> bionic, dietlibc, etc), its filesystem calls are still properly directed to
> the FUSE kernel module right?
>
> Thanks in advance for any replies.
> - Nescio

Re: fuse and glibc?

by Jeffrey 'jf' Lim

On Sun, Nov 8, 2009 at 12:23 PM, Nescio Nomen <nescionomen@...> wrote:

> Hi, new to FUSE here.  I was trying to understand how it worked, and saw
> this diagram: http://fuse.sourceforge.net/fuse_structure.png
>
> Just to be sure, this is _not_ implying that FUSE only works with glibc
> right?  That is, if an application happens to be using another library (eg
> bionic, dietlibc, etc), its filesystem calls are still properly directed to
> the FUSE kernel module right?
>
>
if your libc uses the same interfaces that libfuse does, I don't see why not.

-jf

--
In the meantime, here is your PSA:
"It's so hard to write a graphics driver that open-sourcing it would not
help."
   -- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228

Re: fuse and glibc?

by BJL

Thanks Jeff (and Manuel, from earlier).  The reason I ask is because I'm
curious how easy it is to break out of a FUSE file system that has been set
as the root filesystem.  How suitable is FUSE for implementing something
like Sandboxie (http://www.sandboxie.com/)?  Has someone done this already?


On Sun, Nov 8, 2009 at 10:14 PM, Jeffrey 'jf' Lim <jfs.world@...> wrote:

> On Sun, Nov 8, 2009 at 12:23 PM, Nescio Nomen <nescionomen@...> wrote:
>
>> Hi, new to FUSE here.  I was trying to understand how it worked, and saw
>> this diagram: http://fuse.sourceforge.net/fuse_structure.png
>>
>> Just to be sure, this is _not_ implying that FUSE only works with glibc
>> right?  That is, if an application happens to be using another library (eg
>> bionic, dietlibc, etc), its filesystem calls are still properly directed to
>> the FUSE kernel module right?
>>
>>
> if your libc uses the same interfaces that libfuse does, I don't see why
> not.
>
> -jf
>
> --
> In the meantime, here is your PSA:
> "It's so hard to write a graphics driver that open-sourcing it would not
> help."
>    -- Andrew Fear, Software Product Manager, NVIDIA Corporation
> http://kerneltrap.org/node/7228
>
>

Re: fuse and glibc?

by Jeffrey 'jf' Lim

On Mon, Nov 9, 2009 at 2:55 PM, Nescio Nomen <nescionomen@...> wrote:

> Thanks Jeff (and Manuel, from earlier).  The reason I ask is because I'm
> curious how easy it is to break out of a FUSE file system that has been set
> as the root filesystem.  How suitable is FUSE for implementing something
> like Sandboxie (http://www.sandboxie.com/)?  Has someone done this
> already?
>
>
a chroot would achieve the same thing. What would u specifically need fuse
for?

-jf

--
In the meantime, here is your PSA:
"It's so hard to write a graphics driver that open-sourcing it would not
help."
   -- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228

Re: fuse and glibc?

by Michael Raskin-4

Jeffrey 'jf' Lim wrote:
>> as the root filesystem.  How suitable is FUSE for implementing something
>> like Sandboxie (http://www.sandboxie.com/)?  Has someone done this
>> already?
>>
> a chroot would achieve the same thing. What would u specifically need fuse
> for?
>
> -jf

Well, it is convenient not to maintain chroots separately, but just
configure unionfs writes and maybe shadow some files to prevent reading.
Now, why unionfs is not enough is another question.

I remember preparing a Fuse-Unionfs chroot because of its runtime
configurability. I ended up with around 100 branches, though, and it had
pitiful performance (tens of stats on file access are no good..).


Re: fuse and glibc?

by BJL

Thanks Michael, I hadn't heard of UnionFS before actually.  Sandboxie seems
to be somewhat different though.  You can 'sandbox' an application so that
its writes are redirected to some safe area on disk, but when you unsandbox
later, you can choose to either 'commit' some subset of the writes or
discard all of them.  Or is this possible with UnionFS too?  In either case
it's more of a tool than a filesystem.

I think I went off on a bit of a tangent though.  I wasn't investigating how
to build a Sandboxie-clone (although it sounds like fun) but whether or not
it is possible to break out of a FUSE filesystem that has been set as the
root filesystem.  What options are available to a regular user (not
superuser)?  Generalizing a bit further, I am curious about the limits of
FUSE's transparency.  For instance, there is a loopback filesystem example
in the FUSE tar.  It seems to just forward all the calls to the backing
filesystem.  Let's say I change the root to be this loopback filesystem.
Would any applications break?  If so, why?

On Mon, Nov 9, 2009 at 12:30 AM, Michael Raskin <fb08af68@...> wrote:

> Jeffrey 'jf' Lim wrote:
> >> as the root filesystem.  How suitable is FUSE for implementing something
> >> like Sandboxie (http://www.sandboxie.com/)?  Has someone done this
> >> already?
> >>
> > a chroot would achieve the same thing. What would u specifically need fuse
> > for?
> >
> > -jf
>
> Well, it is convenient not to maintain chroots separately, but just
> configure unionfs writes and maybe shadow some files to prevent reading.
> Now, why unionfs is not enough is another question.
>
> I remember preparing a Fuse-Unionfs chroot because of its runtime
> configurability. I ended up with around 100 branches, though, and it had
> pitiful performance (tens of stats on file access are no good..).
>

Re: fuse and glibc?

by Michael Raskin-4

Nescio Nomen wrote:
> Thanks Michael, I hadn't heard of UnionFS before actually.  Sandboxie
> seems to be somewhat different though.  You can 'sandbox' an application
> so that its writes are redirected to some safe area on disk, but when
> you unsandbox later, you can choose to either 'commit' some subset of
> the writes or discard all of them.  Or is this possible with UnionFS
> too?  In either case it's more of a tool than a filesystem.

Well, committing may be done by copying some branches. You can make a
tool around the FS, the question is what you need from the FS.

> how to build a Sandboxie-clone (although it sounds like fun) but whether
> or not it is possible to break out of a FUSE filesystem that has been
> set as the root filesystem.  What options are available to a regular

First, there may be an exploitable bug in that specific FS.. Maybe there
are bugs in FUSE. FUSE design doesn't look like it has some specific
methods of chroot escaping hidden. But I didn't study it.

> user (not superuser)?  Generalizing a bit further, I am curious about
> the limits of FUSE's transparency.  For instance, there is a loopback

http://sourceforge.net/apps/mediawiki/fuse/index.php?title=FUSE_Development_Roadmap

There are some compatibility features.

I have run LFS system with post-boot root on FUSE. It generally works.
In Debian, though, apt-get needs mmap, so you need bind-mounting a
directory from outside.

> filesystem example in the FUSE tar.  It seems to just forward all the
> calls to the backing filesystem.  Let's say I change the root to be this
> loopback filesystem.  Would any applications break?  If so, why?




Re: fuse and glibc?

by Goswin von Brederlow-2

Nescio Nomen <nescionomen@...> writes:

> Thanks Jeff (and Manuel, from earlier).  The reason I ask is because I'm
> curious how easy it is to break out of a FUSE file system that has been set
> as the root filesystem.  How suitable is FUSE for implementing something
> like Sandboxie (http://www.sandboxie.com/)?  Has someone done this already?

If you mean root filesystem as in pivot_root then it is impossible for
any application to break out. There simply is no out.

They can though remain outside if they were outside before (which is
why you pivot_root before starting other things) or they can break
"in" so to speak. A chroot() call will change their personal root but
only to something they can already reach. The problem, as seen from
chroot experience, is that that is usually the exploit. There is
somewhere inside they can reach that should be "outside" only, like
/proc/1/root.

The only risk there is is that your FUSE FS is exploitable
somehow. If you want to use something like unionfs fuse then that will
need access to the filesystems it unions. And if the unionfs fuse can
be exploited in some way then you could gain access to things that
should be hidden.


FYI unionfs fuse can't easily work as root yet. The "outside"
filesystem will need to be visible "inside" for unionfs fuse to
work. It needs to be changed to use *at() calls before the "outside"
can be hidden. But if you change that it is unlikely to be exploitable
given the strict libfuse interface and small codesize. Easy to audit
to make sure.

MfG
        Goswin
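
The *at() approach mentioned in the message above, as an added C sketch that is not part of the thread and is not unionfs-fuse code: the daemon takes a directory fd on its branch before the root changes and resolves every later request relative to that fd, so the branch path no longer has to be visible "inside". The names `branch_open`, `branch_open_at` and `demo` are hypothetical; the demo renames a constructed temporary directory to stand in for the path becoming unreachable.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: take the fd before pivot_root()/chroot() hides the path. */
int branch_open(const char *path)
{
    return open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
}

/* Refuse any ".." component so a request cannot climb above the branch. */
static int has_dotdot(const char *p)
{
    for (size_t n; *p; p += n, p += strspn(p, "/")) {
        n = strcspn(p, "/");
        if (n == 2 && !strncmp(p, "..", 2)) return 1;
    }
    return 0;
}

/* Open a path as the mount sees it ("/data") relative to branch_fd.
 * O_NOFOLLOW guards only the last component; Linux 5.6+ openat2() with
 * RESOLVE_BENEATH checks every component. Returns an fd, or -1. */
int branch_open_at(int branch_fd, const char *fuse_path, int flags)
{
    fuse_path += strspn(fuse_path, "/"); /* absolute would ignore branch_fd */
    if (has_dotdot(fuse_path)) return -1;
    return openat(branch_fd, *fuse_path ? fuse_path : ".",
                  flags | O_NOFOLLOW | O_CLOEXEC);
}

/* Constructed demo: the rename hides the old path. Returns 0 if all checks hold. */
int demo(void)
{
    char dir[] = "/tmp/branchXXXXXX", moved[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(moved, sizeof moved, "%s.hidden", dir);
    int branch = branch_open(dir);
    if (branch < 0 || rename(dir, moved) != 0) return -1;
    int made = openat(branch, "data", O_CREAT | O_WRONLY, 0600);
    int by_path = open(dir, O_RDONLY | O_DIRECTORY); /* old name is gone */
    int by_fd = branch_open_at(branch, "/data", O_RDONLY);
    int escape = branch_open_at(branch, "/../etc/passwd", O_RDONLY);
    unlinkat(branch, "data", 0); rmdir(moved); close(branch);
    return (made >= 0 && by_path < 0 && by_fd >= 0 && escape < 0) ? 0 : 1;
}
```

The directory fd refers to the directory itself rather than to its name, which is why the file stays reachable through `branch_open_at` after the original path stops resolving.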
