Message-Id: <8464EA47-03AC-4162-A2D0-683517568640@cam.ac.uk>
Date:	Wed, 2 May 2007 09:16:04 +0100
From:	Anton Altaparmakov <aia21@....ac.uk>
To:	David Chinner <dgc@....com>
Cc:	linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	xfs@....sgi.com, hch@...radead.org
Subject: Re: [RFC] add FIEMAP ioctl to efficiently map file allocation

On 2 May 2007, at 01:06, David Chinner wrote:
> On Tue, May 01, 2007 at 07:37:20PM +0100, Anton Altaparmakov wrote:
>> On 1 May 2007, at 05:22, David Chinner wrote:
>>> On Mon, Apr 30, 2007 at 04:44:01PM -0600, Andreas Dilger wrote:
>>>>  The FIBMAP ioctl is for privileged users
>>>>  only, and I wonder if FIEMAP should be the same, or at least disallow
>>>>  mapping files that the user can't access especially with FLAG_SYNC and/or
>>>>  FLAG_HSM_READ.
>>>
>>> I see little reason for restricting FI[BE]MAP to privileged users -
>>> anyone should be able to determine if files they have permission to
>>> access are fragmented.
>>
>> Allowing anyone to run FI[BE]MAP creates potential for DOS-ing the
>> machine.  Perhaps for non-privileged users FIEMAP has to be read-
>> only?  As soon as any of the FLAG_* flags come into play you make it
>> privileged.  For example fancy any user being able to fill up your
>> file system by calling FIEMAP with FLAG_HSM_READ on all files
>> recursively?
>
> By that reasoning, users should not be allowed to recall any files
> without root privileges. HSMs don't work that way, though - any user
> is allowed to recall any files they have permission to access either
> by manual command or by trying to read the file data.
>
> If that runs the filesystem out of space, then the HSM either hasn't
> been configured properly or it's failed to manage the space
> correctly. Either way, that's not the fault of the user for
> recalling their own files.
>
> Hence allowing FIEMAP to be executed by the user does not open up
> any DOS conditions that don't already exist in normal HSM-managed
> filesystem.

Sorry, it was not a great example.  But the point still stands that  
there are/may be created flags that you do not want to allow everyone  
to use.

I completely agree with Andreas that those can simply return -EPERM  
and the rest can be allowed through.

Best regards,

	Anton
-- 
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer, http://www.linux-ntfs.org/
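
The per-flag gating this message ends on, modeled in user space as an added example (not code from the thread or from the kernel): unrestricted requests pass, restricted flags return -EPERM to unprivileged callers. The flag values, `struct caller`, `fiemap_check_flags()` and the demo policy are hypothetical; which flags are restricted is a policy mask because the thread does not settle it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical values: the thread names these flags but gives no numbers. */
#define FLAG_SYNC      0x1u
#define FLAG_HSM_READ  0x2u
#define FLAG_KNOWN     (FLAG_SYNC | FLAG_HSM_READ)

/* Hypothetical caller model; in a kernel these would be the file
 * permission check and a capability check. */
struct caller {
    int can_read_file;
    int is_privileged;
};

/* Returns 0 if the request may proceed, else a negative errno.
 * priv_mask is the policy: the set of flags reserved for privileged
 * callers. An empty mask means every known flag is open to all. */
static int fiemap_check_flags(const struct caller *c, uint32_t flags,
                              uint32_t priv_mask)
{
    if (flags & ~FLAG_KNOWN)
        return -EINVAL;              /* reject bits we do not understand */
    if (!c->can_read_file)
        return -EACCES;              /* no mapping of inaccessible files */
    if ((flags & priv_mask) && !c->is_privileged)
        return -EPERM;               /* restricted flag, unprivileged caller */
    return 0;                        /* plain query or permitted flags */
}

int main(void)
{
    struct caller user = { 1, 0 }, root = { 1, 1 }, outsider = { 0, 0 };
    uint32_t policy = FLAG_HSM_READ; /* constructed policy for the demo */

    printf("user, no flags:      %d\n", fiemap_check_flags(&user, 0, policy));
    printf("user, FLAG_SYNC:     %d\n", fiemap_check_flags(&user, FLAG_SYNC, policy));
    printf("user, FLAG_HSM_READ: %d\n", fiemap_check_flags(&user, FLAG_HSM_READ, policy));
    printf("root, FLAG_HSM_READ: %d\n", fiemap_check_flags(&root, FLAG_HSM_READ, policy));
    printf("outsider, no flags:  %d\n", fiemap_check_flags(&outsider, 0, policy));
    printf("user, unknown bit:   %d\n", fiemap_check_flags(&user, 0x80u, policy));
    return 0;
}
```

Passing an empty `priv_mask` models the other position in the thread, where every flag is available to any caller who can access the file.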