search

zboxfs / zbox

Zero-details, privacy-focused in-app file system.
https://zbox.io/fs/
Apache License 2.0
1.54k stars 76 forks source link

Any plans for CLI utilities and FUSE support? #52

Open oblique opened 4 years ago

oblique commented 4 years ago

IMO, CLI utilities are needed to accelerate adoption. Also, FUSE support will be very useful for users that want to use zbox as their personal cloud storage.

burmecia commented 4 years ago

Yes, CLI utilities are very useful, especially during development phase. That can be put in plan for next stage.

For FUSE support, yes you can add it, but I think it is conflict with the purpose of ZboxFS. ZboxFS is privacy focused, so it is deliberately designed for only one process access. FUSE support will expose the private data to OS level, that is not it suppose to do.

vi commented 4 years ago

Started FUSE interface for ZboxFS: https://github.com/vi/zboxmount

Now it can read and write files.

vi commented 4 years ago

you can add it, but I think it is conflict with the purpose of ZboxFS. ZboxFS is privacy focused, so it is deliberately designed for only one process access.

I don't think trusting process boundary is a solid security.

FUSE support will expose the private data to OS level, that is not it suppose to do.

Trying to protect data from OS (or from root user, or from hardware) is typically not a good idea.

Notwithstanding those points, FUSE interface does indeed increase the "attack surface". If needed, I can add some warning to my FUSE app.

burmecia commented 4 years ago

ZboxFS can't protect data from OS or other users with root privileges. Its goal is to provide a secure file repository and try to keep its exposure as minimum as possible.

Yes, it's true, FUSE doesn't always mean not safe or increased the attach surface. You can do all your best to confine the access and your data will still be secured. But in my opinion, FUSE gives "possibilities" to other non-root users or processes to access your data. And that possibilities is what we can get rid of from the beginning, that is, don't provide support for FUSE.

But anyway, you can implement FUSE support by yourself if you know what you are doing and I am happy to see ZboxFS can be used in different scenarios.

LovingMelody commented 4 years ago

I can see the issue with fuse support, would a webdav interface be a possible alternative?

burmecia commented 4 years ago

I can see the issue with fuse support, would a webdav interface be a possible alternative?

No, there is no plan for a webdav interface. But if you like you can implement one by yourself.