an option to check that commands are signed with a trusted GPG key before execut... #11

Open
opened 2023-10-16 23:31:38 +01:00 by github-actions[bot] · 0 comments
github-actions[bot] commented 2023-10-16 23:31:38 +01:00 (Migrated from github.com)

This would allow the user to run this on a filesystem containing a mix of trusted and untrusted files (e.g. `tar -zxf untrusted-downloaded-file.tar.gz` is dangerous). In order to prevent replay attacks, the signed data should include things like the path to the symlink-command (otherwise re-using that signed symlink-command in another location with different files could be used to change the semantics of the command), and/or the inputs (the command itself and the hash of the input files).

[fs.py#L209 at 2043072a87](https://api.github.com/SuzanneSoy/filesystem-fuse/blob/2043072a87447a23ee61d8ffcaacb438159f5c0b/fs.py#L209)

```python
    FUSE(FilterFS(source, cache), mountpoint, nothreads=True, foreground=True, direct_io=True)

if __name__ == '__main__':
    main(sys.argv[1], sys.argv[2], sys.argv[3])

# TODO: an option to check that commands are signed with a trusted GPG key before executing them
#       This would allow the user to run this on a filesystem containing a mix of trusted and
#       untrusted files (e.g. tar -zxf untrusted-downloaded-file.tar.gz is dangerous). In order to
#       prevent replay attacks, the signed data should include things like the path to the
#       symlink-command (otherwise re-using that signed symlink-command in another location with
#       different files could be used to change the semantics of the command), and/or the inputs
#       (the command itself and the hash of the input files)
```
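The replay-resistance the TODO asks for comes from what the signature covers, not from the signature algorithm. The following is an added example, not code from the filesystem-fuse project, showing the canonical "manifest" that would be signed: the command's own resolved path, the command text, and a SHA-256 of every input file. A keyed HMAC with a constructed key stands in for the detached GPG signature so the example runs offline; the function names (`build_manifest`, `sign_manifest`, `verify_before_exec`, `demo`) and the `.cmd` file layout are assumptions for illustration. The `demo` function signs a command in a trusted directory and then shows that the same signature is rejected both when the command is copied next to different files and when an input file is swapped in place, which is exactly the replay the issue describes.

```python
"""Added example: a replay-resistant signed manifest for a command file.

Constructed illustration of the design sketched in the issue; it is not code
from the filesystem-fuse project. An HMAC stands in for the GPG signature so
the example runs offline; in the real design the same manifest bytes would be
covered by a detached GPG signature from a trusted key.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file's contents in chunks so large inputs do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(command_path, command, input_paths):
    """Canonical bytes that get signed.

    Binding the command to its own resolved location and to the exact contents
    of its inputs means a signature cannot be replayed from another directory
    or against files that differ from the ones that were reviewed.
    """
    manifest = {
        "command_path": str(Path(command_path).resolve()),
        "command": command,
        "inputs": {str(Path(p).resolve()): sha256_file(p) for p in sorted(input_paths)},
    }
    # sort_keys and compact separators give a deterministic serialization.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(key, manifest_bytes):
    """Stand-in for `gpg --detach-sign` (assumed key, not part of the project)."""
    return hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()


def verify_before_exec(key, signature, command_path, command, input_paths):
    """Recompute the manifest from the current filesystem state and check it.

    Returns True only if location, command text and all input hashes match
    what was signed; a caller would refuse to execute on False.
    """
    expected = build_manifest(command_path, command, input_paths)
    return hmac.compare_digest(signature, sign_manifest(key, expected))


def demo():
    """Sign once, then attempt the two replays the issue warns about."""
    key = b"constructed-demo-key"  # constructed; stands in for a trusted GPG key
    with tempfile.TemporaryDirectory() as d:
        trusted = Path(d, "trusted")
        trusted.mkdir()
        cmd = trusted / "unpack.cmd"
        data = trusted / "data.tar.gz"
        cmd.write_text("tar -zxf data.tar.gz")
        data.write_bytes(b"constructed trusted archive bytes")
        command_text = cmd.read_text()

        sig = sign_manifest(key, build_manifest(cmd, command_text, [data]))
        ok_original = verify_before_exec(key, sig, cmd, command_text, [data])

        # Replay 1: the signed command is copied next to different files.
        untrusted = Path(d, "untrusted")
        untrusted.mkdir()
        cmd2 = untrusted / "unpack.cmd"
        cmd2.write_text(command_text)
        data2 = untrusted / "data.tar.gz"
        data2.write_bytes(b"constructed untrusted archive bytes")
        ok_moved = verify_before_exec(key, sig, cmd2, command_text, [data2])

        # Replay 2: the command stays in place but its input file is swapped.
        data.write_bytes(b"constructed untrusted archive bytes")
        ok_swapped = verify_before_exec(key, sig, cmd, command_text, [data])

    return ok_original, ok_moved, ok_swapped


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Because the manifest is recomputed from the live filesystem at verification time, the check happens at the moment of execution rather than at signing time, which is what closes the window between "file was reviewed" and "file was run".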
Reference: suzanne.soy/filesystem-fuse#11