[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: what program sets up /run/user/1000/ ?



Hi,

On 2021-06-04 8:35 a.m., Thomas Schmitt wrote:
> Hi,
> 
> songbird wrote:
>>  some strange fs entry shows up:
>> # ls -l /run/user/1000
>> d????????? ? ?  ?    ?            ? doc
> 
> We had this topic a few day ago.
>   https://lists.debian.org/debian-user/2021/06/msg00020.html
> 
> I had some further private conversation with the OP John Conover which
> causes me to summarize the problem like this:
> 
> xdg-document-portal from package xdg-desktop-portal creates a FUSE mount
> point as "portal" for offering selected files to the user with the giveni
> id number (here: 1000).
>   https://flatpak.github.io/xdg-desktop-portal/portal-docs.html#gdbus-org.freedesktop.portal.Documents
> states
>  "The document portal allows to make files from the outside world
>   available to sandboxed applications in a controlled way.
>   Exported files will be made accessible to the application via a fuse
>   filesystem that gets mounted at /run/user/$UID/doc/."
> 
> Control is obviously to be done via systemd means. Probably by
>   /usr/lib/systemd/user/xdg-document-portal.service
> as mentioned in
>   https://packages.debian.org/buster/amd64/xdg-desktop-portal/filelist
> 
> It is the normal behavior of a FUSE mount point to deny any access to any
> other user including the superuser. See
>   https://github.com/libfuse/libfuse
>   "Security implications"
> which says
>   "No other user (including root) can access the contents of the mounted
>    filesystem (though this can be relaxed by allowing the use of the
>    allow_other and allow_root mount options in /etc/fuse.conf)"
> 
> Reason is probably that the kernel hands over its internal VFS calls to
> the FUSE driver program in userspace, which is then able to answer
> with arbitrary deception to the caller of the corresponding libc function.
> An old superuser might not expect to be served by code that did not go
> through kernel development scrutiny.
> 
> Relaxing this security precaution (as mentioned in above quote) might be
> a bad idea.
> I would rather disable xdg-document-portal in order to redice the risk
> rather than increasing it.
> 
> 
> Have a nice day :)
> 
> Thomas
> 
Thanks for this nice message.
That's a great proof that some people with knowledge (and smart) do run
GNOME.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


Reply to: