| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 1 Feb 2010 18:06:45 -0500 From: "J. Bruce Fields" <bfields@...i.umich.edu> To: "Aneesh Kumar K. V" <aneesh.kumar@...ux.vnet.ibm.com> Cc: Brad Boyer <flar@...andria.com>, sandeen@...hat.com, adilger@....com, tytso@....edu, jlayton@...hat.com, nfsv4@...ux-nfs.org, samba@...ts.samba.org, linux-fsdevel@...r.kernel.org, sfrench@...ibm.com, ffilz@...ibm.com, linux-ext4@...r.kernel.org, agruen@...e.de Subject: Re: [PATCH 03/23] vfs: rich ACL in-memory representation and manipulation On Mon, Feb 01, 2010 at 11:32:59PM +0530, Aneesh Kumar K. V wrote: > I guess id mapping needs more work in the patch. I would really like > to hear from both NFS and Samba people in how they would like the > id details to be stored. If we can't map an incoming user@...ain > request on nfs, I guess we definitely don't want to store the acl with > 'nobody' id I don't see the point in allowing the acl's to refer to arbitrary user@...ain strings unless we're also going to allow those strings as file owners, allow processes to run *as* one of those strings, etc. If we're really going to try to teach the core kernel to handle foreign NFS or Samba identities, that's a separate project. As long as the kernel's working with ordinary uid's and gid's, the acl's should do the same, and NFS and Samba can take care of the conversion as needed. So I agree that we should be able to use a more compact representation here. --b. -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists