lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 05 Sep 2006 09:02:39 -0400
From:	Shaya Potter <spotter@...columbia.edu>
To:	Jan Engelhardt <jengelh@...ux01.gwdg.de>
Cc:	Pavel Machek <pavel@....cz>, Josef Sipek <jsipek@...sunysb.edu>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	hch@...radead.org, akpm@...l.org, viro@....linux.org.uk
Subject: Re: [PATCH 00/22][RFC] Unionfs: Stackable Namespace Unification
	Filesystem

On Tue, 2006-09-05 at 08:02 +0200, Jan Engelhardt wrote:
> >
> >I agree that unionfs shouldn't oops, it should handle that situation in
> >a more graceful manner, but once the "backing store" is modified
> >underneath it, all bets are off for either unionfs or ext2/3 behaving
> >"correctly" (where "correctly" doesn't just mean handle the error
> >gracefully).
> >
> >But are you also 100% sure that messing with the underlying backing
> >store wouldn't be considered an admin bug as opposed to an administrator
> >bug? I mean there's nothing that we can do to prevent an administrator
> >from FUBAR'ing their system by 
> >
> >dd if=/dev/random of=/dev/kmem.
> >
> >where does one draw the line?  I agree that stackable file systems make
> >this a more pressing issue, as the "backing store" can be visible within
> >the file system namespace as a regular file system that people are
> >generally accustomed to interacting with.
> 
> So here's an idea. When a branch is added, mount an empty space onto the
> branch. (From within the kernel, so it appears as a side-effect of mount(2))
> 
>   mount -t unionfs -o dirs=/a=rw:/b=ro none /union
> 
> should imply something like
> 
>   mount --bind /var/lib/empty /a
>   mount --bind /var/lib/empty /b
> 
> Or better, yet, make them read-only:
> 
>   mount --rbind -o ro /a /a
>   mount --rbind -o ro /b /b
> (hope this works as intended?)
> 
> So that no one can tinker with /a and /b while the union is mounted.

I thought about that, but that doesn't help you w/ the NFS as branch
case.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ