SlideShare uma empresa Scribd logo

FUSE (Filesystem in Userspace) on OpenSolaris

elliando dias
elliando dias
TecnologiaNotícias e política
1 de 14
Baixar para ler offline
FUSE (Filesystem in Userspace) on OpenSolaris (2009/119) PSARC Inception Review March 25, 2009 William Krier 1
FUSE on OpenSolaris (2009/119) ● What is FUSE ● How FUSE Works ● High Level Design Diagram ● FUSE File System API ● FUSE Protocol Specification ● Security Concerns ● FUSE Mounts ● Privilege Escalation ● Block Device Access ● File System Access Control 2
What Is FUSE • FUSE is a framework which makes it possible to implement a filesystem in a userspace program. • Features include: > simple yet comprehensive API > secure mounting by non-root users > multi-threaded operation • Originally developed for Linux and currently runs on 2.4 and 2.6 Linux kernels • Maintained at fuse.sourceforge.net • Ported to FreeBSD (fuse4bsd) and Mac OS X • FUSE library remains the same across platforms 3
How FUSE Works • FUSE framework consists of 2 components > FUSE user space library (libfuse.so) – provides framework and exports FUSE API > FUSE kernel module – virtual file system (fusefs) – character device (/dev/fuse) • FUSE kernel module redirects vfs calls to the FUSE library via the FUSE character device • Example FUSE file systems > ntfs-3g > sshfs > davfs 4
High Level Design Diagram FUSE Filesystem ls -l /mnt/fuse libfuse libc libc userspace kernel fusefs fusedev fuse module VFS zfs nfsv2 5
How FUSE Works (cont.) • FUSE kernel module registers with VFS. • FUSE user space file system will link with FUSE library and provides: > Register file operation methods w/ library – struct fuse_operations – getattr, mknod, create, read, write, readdir, readlink, getdir, mknod, chmod, etc. > Mount point and options • FUSE library calls the mount() system call > filesystem type is “fuse” > filehandle of /dev/fuse passed as option • Filesystem calls are passed to FUSE library which invokes associated fuse operation in FUSE filesystem. 6
FUSE File System API • FUSE file systems use the FUSE API specification to implement necessary file system operations > Current version of FUSE API is 2.7 > Interface is classified as Volatile > The API is documented in FUSE_API_Specification.pdf 7
FUSE Protocol Specification • Kernel module communicates with FUSE library via the fuse character device > During mount, the library opens /dev/fuse and passes file descriptor to kernel. > The minor device number is associated with mount point via vfsp->vfs_dev • Messages are passed via the FUSE device's read/write methods. • FUSE messages are defined by the FUSE Protocol specification (version 7.8) > Protocol is classified as Project Private > Protocol is documented in FUSE_Protocol_Specification.pdf 8
FUSE Security Concerns • Authorization for non-privileged users to perform file system mounts • Privilege level escalation for non-privileged mounts • Access to block devices for non-privileged mounts • File system-specific access control 9
FUSE Mounts • FUSE supports non-privileged mounts • Accomplished by adding profile to /etc/security/prof_attr > FUSE File System Management:::Mount and unmount FUSE filesystems:FUSE.html • Consist of a single execution authorization in /etc/security/exec_attr > granting sys_mount privilege to FUSE mount/unmount programs > FUSE File System Management:solaris:cmd:::/usr/bin/fusermount.bin:privs=sys_mount • Profile must be manually added to users by administrator after installation. 10
Privilege Escalation DoS Possibilities with Non-privileged Mounts • FUSE file systems are only accessible to the user who mounted file system. > Prevents FUSE file system daemon from having ptrace-like capabilities and > Prevents denial of service for the requesting process (stalling system calls) • Mount option to allow access to other non-root users • Mount option to allow access to root 11
Block Device Access • For FUSE file systems that are backed by block device (ie ntfs-3g) • Non-root users must have read/write access to block device for non-privilege mount • Create “fuse” group and add write-allow ACE for specific block device. • Must be done manually by administrator. 12
File System Access Control • By default, FUSE leaves all access control to the file system. • Mount option to enable FUSE to enforce access control. > only allows UNIX-style permission checking, bypassing more sophisticated access controls that may be present in the file system. > does not have direct access to file permissions. (only see what file system presents) • Disposition of file ownership varies by file system. > ntfs-3g presents owner as user who mounted fs. > sshfs presents owner as reported by remote host. 13
FUSE on OpenSolaris (2009/119) William Krier William.Krier@sun.com 14

Recomendados

FUSE Developing Fillesystems in userspace
FUSE Developing Fillesystems in userspaceFUSE Developing Fillesystems in userspace
FUSE Developing Fillesystems in userspaceelliando dias
 
Fuse- Filesystem in User space
Fuse- Filesystem in User space Fuse- Filesystem in User space
Fuse- Filesystem in User space Danny Tseng
 
Python Fuse
Python FusePython Fuse
Python FuseMatteo Bertozzi
 
PythonFuse (PyCon4)
PythonFuse (PyCon4)PythonFuse (PyCon4)
PythonFuse (PyCon4)Matteo Bertozzi
 
Writing flexible filesystems in FUSE-Python
Writing flexible filesystems in FUSE-PythonWriting flexible filesystems in FUSE-Python
Writing flexible filesystems in FUSE-PythonAnurag Patel
 
FUSE and beyond: bridging filesystems slides by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems slides by Emmanuel DreyfusFUSE and beyond: bridging filesystems slides by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems slides by Emmanuel Dreyfuseurobsdcon
 
Python & FUSE
Python & FUSEPython & FUSE
Python & FUSEJoseph Scott
 
11 linux filesystem copy
11 linux filesystem copy11 linux filesystem copy
11 linux filesystem copyShay Cohen
 

Recomendados

FUSE Developing Fillesystems in userspace
FUSE Developing Fillesystems in userspaceFUSE Developing Fillesystems in userspace
FUSE Developing Fillesystems in userspaceelliando dias
 
Fuse- Filesystem in User space
Fuse- Filesystem in User space Fuse- Filesystem in User space
Fuse- Filesystem in User space Danny Tseng
 
Python Fuse
Python FusePython Fuse
Python FuseMatteo Bertozzi
 
PythonFuse (PyCon4)
PythonFuse (PyCon4)PythonFuse (PyCon4)
PythonFuse (PyCon4)Matteo Bertozzi
 
Writing flexible filesystems in FUSE-Python
Writing flexible filesystems in FUSE-PythonWriting flexible filesystems in FUSE-Python
Writing flexible filesystems in FUSE-PythonAnurag Patel
 
FUSE and beyond: bridging filesystems slides by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems slides by Emmanuel DreyfusFUSE and beyond: bridging filesystems slides by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems slides by Emmanuel Dreyfuseurobsdcon
 
Python & FUSE
Python & FUSEPython & FUSE
Python & FUSEJoseph Scott
 
11 linux filesystem copy
11 linux filesystem copy11 linux filesystem copy
11 linux filesystem copyShay Cohen
 
Lecture 5 Kernel Development
Lecture 5 Kernel DevelopmentLecture 5 Kernel Development
Lecture 5 Kernel DevelopmentMohammed Farrag
 
File Systems
File SystemsFile Systems
File SystemsAnil Kumar Pugalia
 
[ArabBSD] Unix Basics
[ArabBSD] Unix Basics[ArabBSD] Unix Basics
[ArabBSD] Unix BasicsMohammed Farrag
 
Ch12
Ch12Ch12
Ch12Raja Waseem Akhtar
 
unix training | unix training videos | unix course unix online training
unix training | unix training videos | unix course unix online training unix training | unix training videos | unix course unix online training
unix training | unix training videos | unix course unix online training Nancy Thomas
 
101 4.3 control mounting and unmounting of filesystems
101 4.3 control mounting and unmounting of filesystems101 4.3 control mounting and unmounting of filesystems
101 4.3 control mounting and unmounting of filesystemsAcácio Oliveira
 
Unixfs
UnixfsUnixfs
UnixfsLinh Nguyễn Thanh
 
Linux
LinuxLinux
Linuxkeydak11
 
101 1.1 hardware settings
101 1.1 hardware settings101 1.1 hardware settings
101 1.1 hardware settingsAcácio Oliveira
 
101 2.2 install boot manager
101 2.2 install boot manager101 2.2 install boot manager
101 2.2 install boot managerAcácio Oliveira
 
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security FrameworkLecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security FrameworkMohammed Farrag
 
Lect12
Lect12Lect12
Lect12Vin Voro
 
How to design a file system
How to design a file systemHow to design a file system
How to design a file systemNikhil Anurag VN
 
101 1.2 boot the system
101 1.2 boot the system101 1.2 boot the system
101 1.2 boot the systemAcácio Oliveira
 
pptdisk
pptdiskpptdisk
pptdiskMukhtiar ali burfat
 
Lecture1 Introduction
Lecture1 IntroductionLecture1 Introduction
Lecture1 IntroductionMohammed Farrag
 
Operating Systems 1
Operating Systems 1Operating Systems 1
Operating Systems 1hutchison
 
IgniteATL - Hackintoshing
IgniteATL - HackintoshingIgniteATL - Hackintoshing
IgniteATL - HackintoshingMatt Smith
 
Centos
CentosCentos
Centossandyy12
 
Programming Embedded linux
Programming Embedded linuxProgramming Embedded linux
Programming Embedded linuxLiran Ben Haim
 
FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems paper by Emmanuel DreyfusFUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfuseurobsdcon
 
Network File System
Network File SystemNetwork File System
Network File SystemDivyang Oza
 

Mais conteúdo relacionado

Mais procurados

Lecture 5 Kernel Development
Lecture 5 Kernel DevelopmentLecture 5 Kernel Development
Lecture 5 Kernel DevelopmentMohammed Farrag
 
unix training | unix training videos | unix course unix online training
unix training | unix training videos | unix course unix online training unix training | unix training videos | unix course unix online training
unix training | unix training videos | unix course unix online training Nancy Thomas
 
101 4.3 control mounting and unmounting of filesystems
101 4.3 control mounting and unmounting of filesystems101 4.3 control mounting and unmounting of filesystems
101 4.3 control mounting and unmounting of filesystemsAcácio Oliveira
 
101 2.2 install boot manager
101 2.2 install boot manager101 2.2 install boot manager
101 2.2 install boot managerAcácio Oliveira
 
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security FrameworkLecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security FrameworkMohammed Farrag
 
How to design a file system
How to design a file systemHow to design a file system
How to design a file systemNikhil Anurag VN
 
Operating Systems 1
Operating Systems 1Operating Systems 1
Operating Systems 1hutchison
 
IgniteATL - Hackintoshing
IgniteATL - HackintoshingIgniteATL - Hackintoshing
IgniteATL - HackintoshingMatt Smith
 
Programming Embedded linux
Programming Embedded linuxProgramming Embedded linux
Programming Embedded linuxLiran Ben Haim
 

Mais procurados (20)

Lecture 5 Kernel Development
Lecture 5 Kernel DevelopmentLecture 5 Kernel Development
Lecture 5 Kernel Development
 
File Systems
File SystemsFile Systems
File Systems
 
[ArabBSD] Unix Basics
[ArabBSD] Unix Basics[ArabBSD] Unix Basics
[ArabBSD] Unix Basics
 
Ch12
Ch12Ch12
Ch12
 
unix training | unix training videos | unix course unix online training
unix training | unix training videos | unix course unix online training unix training | unix training videos | unix course unix online training
unix training | unix training videos | unix course unix online training
 
101 4.3 control mounting and unmounting of filesystems
101 4.3 control mounting and unmounting of filesystems101 4.3 control mounting and unmounting of filesystems
101 4.3 control mounting and unmounting of filesystems
 
Unixfs
UnixfsUnixfs
Unixfs
 
Linux
LinuxLinux
Linux
 
101 1.1 hardware settings
101 1.1 hardware settings101 1.1 hardware settings
101 1.1 hardware settings
 
101 2.2 install boot manager
101 2.2 install boot manager101 2.2 install boot manager
101 2.2 install boot manager
 
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security FrameworkLecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
Lecture 4 FreeBSD Security + FreeBSD Jails + MAC Security Framework
 
Lect12
Lect12Lect12
Lect12
 
How to design a file system
How to design a file systemHow to design a file system
How to design a file system
 
101 1.2 boot the system
101 1.2 boot the system101 1.2 boot the system
101 1.2 boot the system
 
pptdisk
pptdiskpptdisk
pptdisk
 
Lecture1 Introduction
Lecture1 IntroductionLecture1 Introduction
Lecture1 Introduction
 
Operating Systems 1
Operating Systems 1Operating Systems 1
Operating Systems 1
 
IgniteATL - Hackintoshing
IgniteATL - HackintoshingIgniteATL - Hackintoshing
IgniteATL - Hackintoshing
 
Centos
CentosCentos
Centos
 
Programming Embedded linux
Programming Embedded linuxProgramming Embedded linux
Programming Embedded linux
 

Semelhante a FUSE (Filesystem in Userspace) on OpenSolaris

FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems paper by Emmanuel DreyfusFUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfuseurobsdcon
 
Network File System
Network File SystemNetwork File System
Network File SystemDivyang Oza
 
Fuse'ing python for rapid development of storage efficient
Fuse'ing python for rapid development of storage efficientFuse'ing python for rapid development of storage efficient
Fuse'ing python for rapid development of storage efficientVishal Kanaujia
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profitssusera432ea1
 
Course 102: Lecture 27: FileSystems in Linux (Part 2)
Course 102: Lecture 27: FileSystems in Linux (Part 2)Course 102: Lecture 27: FileSystems in Linux (Part 2)
Course 102: Lecture 27: FileSystems in Linux (Part 2)Ahmed El-Arabawy
 
Presentation on nfs,afs,vfs
Presentation on nfs,afs,vfsPresentation on nfs,afs,vfs
Presentation on nfs,afs,vfsPrakriti Dubey
 
Unix Operating System
Unix Operating SystemUnix Operating System
Unix Operating Systemsubhsikha
 
Andrew File System
Andrew File SystemAndrew File System
Andrew File SystemAshish KC
 
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...The Linux Foundation
 
Linux fs structure (1)
Linux fs structure (1)Linux fs structure (1)
Linux fs structure (1)E. Rahul Naidu
 
guadec_rlove_fuse_2006
guadec_rlove_fuse_2006guadec_rlove_fuse_2006
guadec_rlove_fuse_2006webuploader
 
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSEKVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSEIJNSA Journal
 
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSEKVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSEIJNSA Journal
 
7 unixsecurity
7 unixsecurity7 unixsecurity
7 unixsecurityricharddxd
 
AIXpert - AIX Security expert
AIXpert - AIX Security expertAIXpert - AIX Security expert
AIXpert - AIX Security expertdlfrench
 
Linux26 New Features
Linux26 New FeaturesLinux26 New Features
Linux26 New Featuresguest491c69
 

Semelhante a FUSE (Filesystem in Userspace) on OpenSolaris (20)

FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems paper by Emmanuel DreyfusFUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
FUSE and beyond: bridging filesystems paper by Emmanuel Dreyfus
 
Network File System
Network File SystemNetwork File System
Network File System
 
Fuse'ing python for rapid development of storage efficient
Fuse'ing python for rapid development of storage efficientFuse'ing python for rapid development of storage efficient
Fuse'ing python for rapid development of storage efficient
 
Poking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And ProfitPoking The Filesystem For Fun And Profit
Poking The Filesystem For Fun And Profit
 
Course 102: Lecture 27: FileSystems in Linux (Part 2)
Course 102: Lecture 27: FileSystems in Linux (Part 2)Course 102: Lecture 27: FileSystems in Linux (Part 2)
Course 102: Lecture 27: FileSystems in Linux (Part 2)
 
Presentation on nfs,afs,vfs
Presentation on nfs,afs,vfsPresentation on nfs,afs,vfs
Presentation on nfs,afs,vfs
 
Unix Operating System
Unix Operating SystemUnix Operating System
Unix Operating System
 
Linux remote
Linux remoteLinux remote
Linux remote
 
Andrew File System
Andrew File SystemAndrew File System
Andrew File System
 
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...
 
Linux fs structure (1)
Linux fs structure (1)Linux fs structure (1)
Linux fs structure (1)
 
guadec_rlove_fuse_2006
guadec_rlove_fuse_2006guadec_rlove_fuse_2006
guadec_rlove_fuse_2006
 
Nfs
NfsNfs
Nfs
 
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSEKVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
 
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSEKVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
KVEFS: Encrypted File System based on Distributed Key-Value Stores and FUSE
 
7 unixsecurity
7 unixsecurity7 unixsecurity
7 unixsecurity
 
Fsoss12
Fsoss12Fsoss12
Fsoss12
 
AIXpert - AIX Security expert
AIXpert - AIX Security expertAIXpert - AIX Security expert
AIXpert - AIX Security expert
 
Linux26 New Features
Linux26 New FeaturesLinux26 New Features
Linux26 New Features
 
5.distributed file systems
5.distributed file systems5.distributed file systems
5.distributed file systems
 

Mais de elliando dias

Clojurescript slides
Clojurescript slidesClojurescript slides
Clojurescript slideselliando dias
 
Why you should be excited about ClojureScript
Why you should be excited about ClojureScriptWhy you should be excited about ClojureScript
Why you should be excited about ClojureScriptelliando dias
 
Functional Programming with Immutable Data Structures
Functional Programming with Immutable Data StructuresFunctional Programming with Immutable Data Structures
Functional Programming with Immutable Data Structureselliando dias
 
Nomenclatura e peças de container
Nomenclatura e peças de containerNomenclatura e peças de container
Nomenclatura e peças de containerelliando dias
 
Polyglot and Poly-paradigm Programming for Better Agility
Polyglot and Poly-paradigm Programming for Better AgilityPolyglot and Poly-paradigm Programming for Better Agility
Polyglot and Poly-paradigm Programming for Better Agilityelliando dias
 
Javascript Libraries
Javascript LibrariesJavascript Libraries
Javascript Librarieselliando dias
 
How to Make an Eight Bit Computer and Save the World!
How to Make an Eight Bit Computer and Save the World!How to Make an Eight Bit Computer and Save the World!
How to Make an Eight Bit Computer and Save the World!elliando dias
 
A Practical Guide to Connecting Hardware to the Web
A Practical Guide to Connecting Hardware to the WebA Practical Guide to Connecting Hardware to the Web
A Practical Guide to Connecting Hardware to the Webelliando dias
 
Introdução ao Arduino
Introdução ao ArduinoIntrodução ao Arduino
Introdução ao Arduinoelliando dias
 
Incanter Data Sorcery
Incanter Data SorceryIncanter Data Sorcery
Incanter Data Sorceryelliando dias
 
Fab.in.a.box - Fab Academy: Machine Design
Fab.in.a.box - Fab Academy: Machine DesignFab.in.a.box - Fab Academy: Machine Design
Fab.in.a.box - Fab Academy: Machine Designelliando dias
 
The Digital Revolution: Machines that makes
The Digital Revolution: Machines that makesThe Digital Revolution: Machines that makes
The Digital Revolution: Machines that makeselliando dias
 
Hadoop - Simple. Scalable.
Hadoop - Simple. Scalable.Hadoop - Simple. Scalable.
Hadoop - Simple. Scalable.elliando dias
 
Hadoop and Hive Development at Facebook
Hadoop and Hive Development at FacebookHadoop and Hive Development at Facebook
Hadoop and Hive Development at Facebookelliando dias
 
Multi-core Parallelization in Clojure - a Case Study
Multi-core Parallelization in Clojure - a Case StudyMulti-core Parallelization in Clojure - a Case Study
Multi-core Parallelization in Clojure - a Case Studyelliando dias
 

Mais de elliando dias (20)

Clojurescript slides
Clojurescript slidesClojurescript slides
Clojurescript slides
 
Why you should be excited about ClojureScript
Why you should be excited about ClojureScriptWhy you should be excited about ClojureScript
Why you should be excited about ClojureScript
 
Functional Programming with Immutable Data Structures
Functional Programming with Immutable Data StructuresFunctional Programming with Immutable Data Structures
Functional Programming with Immutable Data Structures
 
Nomenclatura e peças de container
Nomenclatura e peças de containerNomenclatura e peças de container
Nomenclatura e peças de container
 
Geometria Projetiva
Geometria ProjetivaGeometria Projetiva
Geometria Projetiva
 
Polyglot and Poly-paradigm Programming for Better Agility
Polyglot and Poly-paradigm Programming for Better AgilityPolyglot and Poly-paradigm Programming for Better Agility
Polyglot and Poly-paradigm Programming for Better Agility
 
Javascript Libraries
Javascript LibrariesJavascript Libraries
Javascript Libraries
 
How to Make an Eight Bit Computer and Save the World!
How to Make an Eight Bit Computer and Save the World!How to Make an Eight Bit Computer and Save the World!
How to Make an Eight Bit Computer and Save the World!
 
Ragel talk
Ragel talkRagel talk
Ragel talk
 
A Practical Guide to Connecting Hardware to the Web
A Practical Guide to Connecting Hardware to the WebA Practical Guide to Connecting Hardware to the Web
A Practical Guide to Connecting Hardware to the Web
 
Introdução ao Arduino
Introdução ao ArduinoIntrodução ao Arduino
Introdução ao Arduino
 
Minicurso arduino
Minicurso arduinoMinicurso arduino
Minicurso arduino
 
Incanter Data Sorcery
Incanter Data SorceryIncanter Data Sorcery
Incanter Data Sorcery
 
Rango
RangoRango
Rango
 
Fab.in.a.box - Fab Academy: Machine Design
Fab.in.a.box - Fab Academy: Machine DesignFab.in.a.box - Fab Academy: Machine Design
Fab.in.a.box - Fab Academy: Machine Design
 
The Digital Revolution: Machines that makes
The Digital Revolution: Machines that makesThe Digital Revolution: Machines that makes
The Digital Revolution: Machines that makes
 
Hadoop + Clojure
Hadoop + ClojureHadoop + Clojure
Hadoop + Clojure
 
Hadoop - Simple. Scalable.
Hadoop - Simple. Scalable.Hadoop - Simple. Scalable.
Hadoop - Simple. Scalable.
 
Hadoop and Hive Development at Facebook
Hadoop and Hive Development at FacebookHadoop and Hive Development at Facebook
Hadoop and Hive Development at Facebook
 
Multi-core Parallelization in Clojure - a Case Study
Multi-core Parallelization in Clojure - a Case StudyMulti-core Parallelization in Clojure - a Case Study
Multi-core Parallelization in Clojure - a Case Study
 

Último

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Último (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

FUSE (Filesystem in Userspace) on OpenSolaris

  • 1. FUSE (Filesystem in Userspace) on OpenSolaris (2009/119) PSARC Inception Review March 25, 2009 William Krier 1
  • 2. FUSE on OpenSolaris (2009/119) ● What is FUSE ● How FUSE Works ● High Level Design Diagram ● FUSE File System API ● FUSE Protocol Specification ● Security Concerns ● FUSE Mounts ● Privilege Escalation ● Block Device Access ● File System Access Control 2
  • 3. What Is FUSE • FUSE is a framework which makes it possible to implement a filesystem in a userspace program. • Features include: > simple yet comprehensive API > secure mounting by non-root users > multi-threaded operation • Originally developed for Linux and currently runs on 2.4 and 2.6 Linux kernels • Maintained at fuse.sourceforge.net • Ported to FreeBSD (fuse4bsd) and Mac OS X • FUSE library remains the same across platforms 3
  • 4. How FUSE Works • FUSE framework consists of 2 components > FUSE user space library (libfuse.so) – provides framework and exports FUSE API > FUSE kernel module – virtual file system (fusefs) – character device (/dev/fuse) • FUSE kernel module redirects vfs calls to the FUSE library via the FUSE character device • Example FUSE file systems > ntfs-3g > sshfs > davfs 4
  • 5. High Level Design Diagram FUSE Filesystem ls -l /mnt/fuse libfuse libc libc userspace kernel fusefs fusedev fuse module VFS zfs nfsv2 5
  • 6. How FUSE Works (cont.) • FUSE kernel module registers with VFS. • FUSE user space file system will link with FUSE library and provides: > Register file operation methods w/ library – struct fuse_operations – getattr, mknod, create, read, write, readdir, readlink, getdir, mknod, chmod, etc. > Mount point and options • FUSE library calls the mount() system call > filesystem type is “fuse” > filehandle of /dev/fuse passed as option • Filesystem calls are passed to FUSE library which invokes associated fuse operation in FUSE filesystem. 6
  • 7. FUSE File System API • FUSE file systems use the FUSE API specification to implement necessary file system operations > Current version of FUSE API is 2.7 > Interface is classified as Volatile > The API is documented in FUSE_API_Specification.pdf 7
  • 8. FUSE Protocol Specification • Kernel module communicates with FUSE library via the fuse character device > During mount, the library opens /dev/fuse and passes file descriptor to kernel. > The minor device number is associated with mount point via vfsp->vfs_dev • Messages are passed via the FUSE device's read/write methods. • FUSE messages are defined by the FUSE Protocol specification (version 7.8) > Protocol is classified as Project Private > Protocol is documented in FUSE_Protocol_Specification.pdf 8
  • 9. FUSE Security Concerns • Authorization for non-privileged users to perform file system mounts • Privilege level escalation for non-privileged mounts • Access to block devices for non-privileged mounts • File system-specific access control 9
  • 10. FUSE Mounts • FUSE supports non-privileged mounts • Accomplished by adding profile to /etc/security/prof_attr > FUSE File System Management:::Mount and unmount FUSE filesystems:FUSE.html • Consist of a single execution authorization in /etc/security/exec_attr > granting sys_mount privilege to FUSE mount/unmount programs > FUSE File System Management:solaris:cmd:::/usr/bin/fusermount.bin:privs=sys_mount • Profile must be manually added to users by administrator after installation. 10
  • 11. Privilege Escalation DoS Possibilities with Non-privileged Mounts • FUSE file systems are only accessible to the user who mounted file system. > Prevents FUSE file system daemon from having ptrace-like capabilities and > Prevents denial of service for the requesting process (stalling system calls) • Mount option to allow access to other non-root users • Mount option to allow access to root 11
  • 12. Block Device Access • For FUSE file systems that are backed by block device (ie ntfs-3g) • Non-root users must have read/write access to block device for non-privilege mount • Create “fuse” group and add write-allow ACE for specific block device. • Must be done manually by administrator. 12
  • 13. File System Access Control • By default, FUSE leaves all access control to the file system. • Mount option to enable FUSE to enforce access control. > only allows UNIX-style permission checking, bypassing more sophisticated access controls that may be present in the file system. > does not have direct access to file permissions. (only see what file system presents) • Disposition of file ownership varies by file system. > ntfs-3g presents owner as user who mounted fs. > sshfs presents owner as reported by remote host. 13
  • 14. FUSE on OpenSolaris (2009/119) William Krier William.Krier@sun.com 14