HEAD'S UP: fusefs sysctls going away
Shawn Webb
shawn.webb at hardenedbsd.org
Thu Mar 21 15:49:03 UTC 2019
Hey Alan,
Thank you very much for your work in maintaining fusefs. I only use
fusefs in very limited circumstances, so take what I'm about to say
with a grain of salt.
On Thu, Mar 21, 2019 at 09:43:07AM -0600, Alan Somers wrote:
> fusefs has several sysctl knobs that seem to be workarounds for bugs
> in particular fuse daemons. However, there is no indication as to
> which those daemons are, neither in the code nor in SVN. All of the
> workarounds are at least 6.5 years old, so the original bugs may have
> been fixed already. Since the original bugs aren't documented, I
> consider these workarounds to be unmaintainable, and I'm planning to
> delete them unless anybody objects. Please pipe up if you still use
> them!
>
> vfs.fusefs.mmap_enable: If non-zero, and data_cache_mode is also
> non-zero, enable mmap(2) of FUSE files
I'm curious if the security impacts of removing the toggle to disable
mmap support for fusefs. Is there a per-fusefs replacement for
mmap_enable? From a security perspective, it would be nice to keep the
ability to disable mapping of files mounted on a fusefs.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lattera at is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20190321/b9e6b6fb/attachment.sig>
More information about the freebsd-current
mailing list