.gvfs can't be stat'd by root causing backup tools to fail
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gvfs | Expired | Medium | | |
gvfs (ALT Linux) | Expired | Medium | | |
gvfs (Ubuntu) | Fix Released | Medium | Ubuntu Desktop Bugs | |
Bug Description
Problem
=======
For security reasons (possible DoS), other users (esp. root) cannot access a fuse filesystem, and not even stat the mountpoint:
$ sudo stat .gvfs
stat: cannot stat `.gvfs': Permission denied
$ sudo ls -la
ls: cannot access .gvfs: Permission denied
d????????? ? ? ? ? ? .gvfs
This means "rsync --one-file-system" (and similar options for find, tar...) cannot know this is a different file system they actually want to exclude, and fail on the permission denied error.
Please note that it is GOOD AND CORRECT that root cannot copy the .gvfs directory. The real problem is that the stat fails.
Workarounds
===========
* bind-mount the file system you want to back up beforehand (see comment #67)
See also
=======
* Excellent description of the problem in bug 227724
* fuse-devel mailing list saying this will all be solved someday using "private namespaces"
http://
http://
http://
* Kernel documentation explaining the DoS
http://
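Since the stat fails, a backup script run as root can instead identify these mountpoints from the mount table and exclude them by name. The sketch below is an added example, not part of the original bug report: it assumes the /proc/self/mounts line format, treats any FUSE mount without the allow_other option as inaccessible to other users, and uses constructed sample entries; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the bug report. Finds FUSE mounts that other users
# (root included) cannot stat by reading the mount table instead of calling
# stat on each directory.

# fuse_mounts_under ROOT [MOUNTS_FILE]: print such mountpoints below ROOT.
fuse_mounts_under() {
    root=${1%/}
    ROOT="$root" awk '
        # $2 = mountpoint, $3 = fs type, $4 = mount options
        ($3 == "fuse" || $3 == "fuseblk" || $3 ~ /^fuse\./) &&
        ("," $4 ",") !~ /,allow_other,/ &&
        index($2, ENVIRON["ROOT"] "/") == 1 {
            mp = $2
            gsub(/\\040/, " ", mp)   # mount table escapes spaces as \040
            print mp
        }' "${2:-/proc/self/mounts}"
}

# rsync_excludes ROOT [MOUNTS_FILE]: the same list as paths relative to ROOT,
# one per line, for rsync --exclude-from when the source is "ROOT/".
# Assumption: mountpoint names contain no rsync wildcard characters (* ? [).
rsync_excludes() {
    root=${1%/}
    fuse_mounts_under "$root" "${2:-/proc/self/mounts}" |
    while IFS= read -r mp; do
        printf '%s\n' "${mp#"$root"}"
    done
}

# Constructed sample mount table (not captured from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
gvfs-fuse-daemon /home/user/.gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,user_id=1000,group_id=1000 0 0
sshfs#host: /home/user/remote\040box fuse.sshfs rw,nosuid,nodev,user_id=1000,group_id=1000 0 0
/dev/sdb1 /home/shared fuseblk rw,allow_other,blksize=4096 0 0
gvfs-fuse-daemon /run/user/1000/gvfs fuse.gvfs-fuse-daemon rw,nosuid,nodev,user_id=1000,group_id=1000 0 0
EOF
}

# Usage (destination path is a placeholder):
#   rsync_excludes /home | rsync -a --one-file-system --exclude-from=- /home/ /backup/home/
```

The allow_other mount on /home/shared is left in the backup set because other users can stat it, and the mount under /run is ignored because it lies outside the backup root.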
Changed in gvfs: | |
status: | Unknown → New |
Changed in gvfs: | |
status: | New → Invalid |
Changed in gvfs: | |
status: | Unknown → New |
Changed in gvfs: | |
status: | Invalid → Unknown |
summary: |
- ~/.gvfs causes various errors + other users don't have access to .gvfs |
Changed in gvfs: | |
status: | Unknown → New |
Changed in gvfs: | |
importance: | Unknown → Medium |
Changed in gvfs (ALT Linux): | |
importance: | Unknown → Medium |
summary: |
- other users don't have access to .gvfs + .gvfs can't be stat'd by root causing backup tools to fail |
description: | updated |
description: | updated |
Changed in gvfs: | |
status: | New → Confirmed |
Changed in gvfs (ALT Linux): | |
status: | New → Confirmed |
Changed in gvfs: | |
status: | Confirmed → Expired |
Changed in gvfs (ALT Linux): | |
status: | Confirmed → Expired |
> drwx------ 2 wg wg 4096 2008-04-25 23:12 /home/user/.gvfs
I'm sorry, I forgot to replace "wg" (the real user name) by "user" for readability:
drwx------ 2 user user 4096 2008-04-25 23:12 /home/user/.gvfs