Issue 3 in chironfs: Problems with ChironFS over sshFS

3 views
Skip to first unread message

codesite...@google.com

unread,
Jul 14, 2008, 12:59:59 PM7/14/08
to chiron...@googlegroups.com
Issue 3: Problems with ChironFS over sshFS
http://code.google.com/p/chironfs/issues/detail?id=3

Comment #8 by luisfurquim:
Hello Felipe

I've tested and reproduced the problem you reported.

When you create a file in ChironFS, it has to create a file in each of the
replicas. Because ChironFS is a userspace filesystem and not a kernel module,
all the operations it makes are made as the mounting user. So, as you mounted
as felipem, any operation is made as felipem. Creating a file means
creating a
file owned by felipem. If you mount ChironFS with the option
allow_other, you
enable other users (in this case other than felipem) to ACCESS the filesystem.
But the operations in each replicas are made by the ChironFS daemon on behalf
of the caller process. So, if user john creates a file in ChironFS,
which was
mounted by user felipem, ChironFS will create it as felipem. This were a
vulnerability in ChironFS in versions before RC7. So, to avoid this, ChironFS
does a chown in every file created to the uid of the calling process.

This is the problem you are facing now: your local user felipem is
telling to
the remote user felipe to change the uid of the file to felipem. But in
the remote
machine, the user felipe doesn't have enough rights to do so.

Currently you only have the option of running sshfs with root as the remote
user (sshfs root@remotehost /localpath). You may tell sshfs to map the remote
uid to you local uid using the option "-o idmap=user", so every file owned
remotely by root will appear locally as being owned by felipem.

This may be a solution, but maybe it can't be applied to your real situation
if you doesn't have root access to the remote machine.

So, to deal with it, I will introduce a new command-line option which
will tell
ChironFS to not try to chown the file once it is created. As it will be an
optional behaviour, not the default, no security problem will be
raised: the
user will be advised to use it only if he knows what he is doing and
warned to
don't use it in conjunction with allow_other.

This new version will be available soon. I will provide a backport to
1.0 series
later.

Thank you for your attention
Best Regards!

Luis Otavio


Issue attribute updates:
Status: Started

--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

codesite...@google.com

unread,
Jul 17, 2008, 2:20:38 PM7/17/08
to chiron...@googlegroups.com
Issue 3: Problems with ChironFS over sshFS
http://code.google.com/p/chironfs/issues/detail?id=3

Comment #9 by meyerbro:
Hi Luis, do you have a new RPM Version of ChironFS for OpenSuse?
Because I found only
the version 1.0.0 of it.

Thanks,
Felipe

Reply all
Reply to author
Forward
0 new messages