lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1FA8E92B-954D-4624-A089-80D4AA7399FD@cam.ac.uk>
Date:	Tue, 1 May 2007 19:37:20 +0100
From:	Anton Altaparmakov <aia21@....ac.uk>
To:	David Chinner <dgc@....com>
Cc:	linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	xfs@....sgi.com, hch@...radead.org
Subject: Re: [RFC] add FIEMAP ioctl to efficiently map file allocation

On 1 May 2007, at 05:22, David Chinner wrote:
> On Mon, Apr 30, 2007 at 04:44:01PM -0600, Andreas Dilger wrote:
>>   The FIBMAP ioctl is for privileged users
>>   only, and I wonder if FIEMAP should be the same, or at least  
>> disallow
>>   mapping files that the user can't access especially with  
>> FLAG_SYNC and/or
>>   FLAG_HSM_READ.
>
> I see little reason for restricting FI[BE]MAP to privileged users -
> anyone should be able to determine if files they have permission to
> access are fragmented.

Allowing anyone to run FI[BE]MAP creates potential for DOS-ing the  
machine.  Perhaps for non-privileged users FIEMAP has to be read- 
only?  As soon as any of the FLAG_* flags come into play you make it  
privileged.  For example fancy any user being able to fill up your  
file system by calling FIEMAP with FLAG_HSM_READ on all files  
recursively?  This should certainly not be simply dismissed as a non- 
issue without thinking about it first...

Best regards,

	Anton
-- 
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer, http://www.linux-ntfs.org/


-
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ