Re: what program sets up /run/user/1000/ ?

To: Thomas Schmitt <scdbackup@gmx.net>
Cc: "User Mailing List (Debian)" <debian-user@lists.debian.org>
Subject: Re: what program sets up /run/user/1000/ ?
From: Polyna-Maude Racicot-Summerside <debian@polynamaude.com>
Date: Fri, 4 Jun 2021 08:37:28 -0400
Message-id: <[🔎] 4f0370b1-2072-16f3-8d6b-e5f7f3746281@polynamaude.com>
In-reply-to: <[🔎] 1121337589535600591@scdbackup.webframe.org>
References: <[🔎] 6vfpoh-vlb.ln1@anthive.com> <[🔎] 1121337589535600591@scdbackup.webframe.org>

Hi,

On 2021-06-04 8:35 a.m., Thomas Schmitt wrote:
> Hi,
> 
> songbird wrote:
>>  some strange fs entry shows up:
>> # ls -l /run/user/1000
>> d????????? ? ?  ?    ?            ? doc
> 
> We had this topic a few day ago.
>   https://lists.debian.org/debian-user/2021/06/msg00020.html
> 
> I had some further private conversation with the OP John Conover which
> causes me to summarize the problem like this:
> 
> xdg-document-portal from package xdg-desktop-portal creates a FUSE mount
> point as "portal" for offering selected files to the user with the giveni
> id number (here: 1000).
>   https://flatpak.github.io/xdg-desktop-portal/portal-docs.html#gdbus-org.freedesktop.portal.Documents
> states
>  "The document portal allows to make files from the outside world
>   available to sandboxed applications in a controlled way.
>   Exported files will be made accessible to the application via a fuse
>   filesystem that gets mounted at /run/user/$UID/doc/."
> 
> Control is obviously to be done via systemd means. Probably by
>   /usr/lib/systemd/user/xdg-document-portal.service
> as mentioned in
>   https://packages.debian.org/buster/amd64/xdg-desktop-portal/filelist
> 
> It is the normal behavior of a FUSE mount point to deny any access to any
> other user including the superuser. See
>   https://github.com/libfuse/libfuse
>   "Security implications"
> which says
>   "No other user (including root) can access the contents of the mounted
>    filesystem (though this can be relaxed by allowing the use of the
>    allow_other and allow_root mount options in /etc/fuse.conf)"
> 
> Reason is probably that the kernel hands over its internal VFS calls to
> the FUSE driver program in userspace, which is then able to answer
> with arbitrary deception to the caller of the corresponding libc function.
> An old superuser might not expect to be served by code that did not go
> through kernel development scrutiny.
> 
> Relaxing this security precaution (as mentioned in above quote) might be
> a bad idea.
> I would rather disable xdg-document-portal in order to redice the risk
> rather than increasing it.
> 
> 
> Have a nice day :)
> 
> Thomas
> 
Thanks for this nice message.
That's a great proof that some people with knowledge (and smart) do run
GNOME.

-- 
Polyna-Maude R.-Summerside
-Be smart, Be wise, Support opensource development

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: what program sets up /run/user/1000/ ?
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

References:
- what program sets up /run/user/1000/ ?
  - From: songbird <songbird@anthive.com>
- Re: what program sets up /run/user/1000/ ?
  - From: "Thomas Schmitt" <scdbackup@gmx.net>

Prev by Date: Re: How do I permanently disable unattended downloads of software/security updates?
Next by Date: Re: what program sets up /run/user/1000/ ?
Previous by thread: Re: what program sets up /run/user/1000/ ?
Next by thread: Re: what program sets up /run/user/1000/ ?
Index(es):
- Date
- Thread