oss-sec mailing list archives
Re: lsof "can't stat() fuse.${name} filesystem /run/user/1000/${dir}"
From: Simon McVittie <smcv () debian org>
Date: Sat, 11 May 2024 13:15:53 +0100
On Fri, 10 May 2024 at 13:19:35 +0000, Corey Lopez wrote:
Also, I ran the lsof command, which helped me discover the type of file systems that were being used. This prompted me to use apt purge to remove Gnome Virtual File System from my laptop. # lsof /dev/loop* I received this in response: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs can't stat() fuse.portal file system /run/user/1000/doc
This is not evidence of a compromise, and is also nothing to do with /dev/loop* specifically. You would see the same thing on a system that is operating correctly, or when issuing other lsof commands as root that do not involve /dev/loop*. These are FUSE filesystems running as uid 1000, which by default are not accessible *by root* - which might seem strange at first glance, but is an intentional security mechanism to protect root from being attacked by uid 1000 (see mount.fuse3(8) for details). fuse.gvfsd-fuse is gvfs (not to be confused with gnomevfs, which is a much older implementation of the same general concept) making various remote and virtual filesystems such as SMB and WebDAV available to non-GLib-based applications as a FUSE filesystem. fuse.portal is xdg-documents-portal, part of xdg-desktop-portal, and is used to share a subset of documents between the host system and sandboxed apps such as Flatpak and Snap under user control, without needing to extend a higher level of trust to those apps by sharing entire directories. smcv
Current thread:
- Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Corey Lopez (May 11)
- Re: Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Solar Designer (May 11)
- Re: Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Jacob Bachmeyer (May 13)
- Re: lsof "can't stat() fuse.${name} filesystem /run/user/1000/${dir}" Simon McVittie (May 11)
- Re: Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Jacob Bachmeyer (May 13)
- Re: Microsoft Device Firmware Configuration Interface (DFCI) in Linux efivars directory Solar Designer (May 11)