Re: RFC: ACLs on fusefs
- Reply: Alan Somers : "Re: RFC: ACLs on fusefs"
- In reply to: Alan Somers : "Re: RFC: ACLs on fusefs"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 03 Aug 2024 16:00:39 UTC
On Sat, Aug 03, 2024 at 09:03:38AM -0600, Alan Somers wrote: > On Fri, Aug 2, 2024 at 10:13 PM Jamie Landeg-Jones <jamie@catflap.org> wrote: > > > > Alan Somers <asomers@FreeBSD.org> wrote: > > > > > TLDR; > > > how useful would it be if fusefs(4) could support ACLs? > > > > I, personally, don't use ACLs generally, so have not missed them on > > fusefs. > > > > However, I do make extensive use of XATTRs, so those are what I've > > really missed. > > > > I didn't know xatrs were now supported - is that a new thing, or maybe > > the client I use (borgs sshfs implementation) needs to be updated? > > > > Cheers, Jamie > > Our fusefs has supported xattrs for a long time. But the specific > fuse file system needs support too. Looking right now, I don't see > any support in sysutils/fusefs-sshfs . In fact, I have a (significantly buggy) proof-of-concept fusefs server that stores file payload data as extended attributes. Since the tar file format supports extended attributes, this makes data exfiltration somewhat easier. Though, I suppose, since my proof-of-concept is buggy, using my solution would make data exfil somewhat more difficult. ;-) Hopefully someday, I'll have the time to finish the PoC and make it usable for production. PoC code: https://git.hardenedbsd.org/shawn.webb/altfs Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc