security fix: configure FUSE with fuse.default_options

copied the llfuse.default_options from the llfuse source to borg to support older llfuse versions, which did not have llfuse.default_options yet. for recent versions, llfuse.default_options is used directly. llfuse < 0.42 needs the options as a list and crashes when receiving a set.
borgbackup · Feb 7, 2019 · 3becd28 · 3becd28
1 parent 075600d
commit 3becd28
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/src/borg/fuse.py b/src/borg/fuse.py
@@ -321,7 +321,17 @@ def pop_option(options, key, present, not_present, wanted_type, int_base=0):
         dir_mode = 0o40755 & ~self.umask
         self.default_dir = Item(mode=dir_mode, mtime=int(time.time() * 1e9), uid=dir_uid, gid=dir_gid)
         self._create_filesystem()
-        llfuse.init(self, mountpoint, options)
+        default_options = frozenset(  # copied from llfuse, to support pre-0.42 llfuse
+            ('default_permissions',  # Enables permission checking by kernel.
+                                     # Without this any umask (or uid/gid) would not have an effect.
+             'big_writes',  # Enables larger than 4kB writes. (not used, borgfs does not support write)
+             'nonempty',  # Allows mounts over non-empty file/dir.
+             'splice_read', 'splice_write', 'splice_move',  # See fuse docs.
+            )
+        )
+        default_options = getattr(llfuse, 'default_options', default_options)
+        options = set(options) | set(default_options)
+        llfuse.init(self, mountpoint, list(options))
         if not foreground:
             old_id, new_id = daemonize()
             if not isinstance(self.repository_uncached, RemoteRepository):