It was reported [1],[2] that the fusermount tool was vulnerable to a race condition between mounting a user filesystem and updating mtab using the standard mount command. If a user were able to win the race, the real mount entry and the mtab entry would differ, making the fuse-mounted filesystem not unmountable by an unprivileged user. Crafted mtab entries can then be used to trick fusermount into believing that a certain part of the filesystem is a user-space filesystem, and will unmount what should be a privileged filesystem (as demonstrated by unmounting /proc).
According to the SUSE bug report [3], this would affect fuse versions before 2.8.2 or util-linux before 2.17, and notes the following commits that correct the problem:
Relevant fuse commits:
4c3d9b1957 "Use '--no-canonicalize' option of mount(8)..."
0197ce4041 "Using --no-canonicalize with umount(8) conflicts with..."
It was reported [1],[2] that the fusermount tool was vulnerable to a race condition between mounting a user filesystem and updating mtab using the standard mount command. If a user were able to win the race, the real mount entry and the mtab entry would differ, making the fuse-mounted filesystem not unmountable by an unprivileged user. Crafted mtab entries can then be used to trick fusermount into believing that a certain part of the filesystem is a user-space filesystem, and will unmount what should be a privileged filesystem (as demonstrated by unmounting /proc).
According to the SUSE bug report [3], this would affect fuse versions before 2.8.2 or util-linux before 2.17, and notes the following commits that correct the problem:
Relevant fuse commits:
4c3d9b1957 "Use '--no-canonicalize' option of mount(8)..."
0197ce4041 "Using --no-canonicalize with umount(8) conflicts with..."
and util-linux commits:
45fc569a75 "mount: add --no-canonicalize option"
be9adec40f "mount: disable --no-canonicalize for non-root users"
[1] http:// www.halfdog. net/Security/ FuseTimerace/ seclists. org/fulldisclos ure/2010/ Nov/15 /bugzilla. novell. com/show_ bug.cgi? id=651598
[2] http://
[3] https:/