lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAPTn0cA8aK9B+vE=Bdi_YiyMTraBUSY3S9RH2gOfwrztTOo6qQ@mail.gmail.com>
Date:	Mon, 11 Aug 2014 23:03:49 +0800
From:	Li Xi <pkuelelixi@...il.com>
To:	"Theodore Ts'o" <tytso@....edu>
Cc:	Shuichi Ihara <sihara@....com>,
	"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
	Ext4 Developers List <linux-ext4@...r.kernel.org>,
	"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
	"hch@...radead.org" <hch@...radead.org>, Jan Kara <jack@...e.cz>,
	Andreas Dilger <adilger@...ger.ca>,
	"Niu, Yawei" <yawei.niu@...el.com>
Subject: Re: [PATCH v2 0/4] quota: add project quota support

On Mon, Aug 11, 2014 at 10:45 PM, Theodore Ts'o <tytso@....edu> wrote:
> On Mon, Aug 11, 2014 at 10:40:38PM +0800, Li Xi wrote:
>> > But since you've been arguing that the project id should get preserved
>> > across renames, they can evade quota usage by doing:
>> >
>> >          touch /product/mail/huge_file
>> >          mv  /product/mail/huge_file /product/maps
>> I don't really understand why these commands can evade project quota
>> since:
>> 1) A newly created file will inherit project ID from its parent inode.
>> 2) Project ID will be preserved across renames
>> 3) Project quota won't be transfered unless its project ID is changed.
>> 4) Only root user has the right to change project ID.
>> The rule 2) and 3) are just the same sematics with UID/GID quotas.
>> So, becasue of rule 1), after 'touch /product/mail/huge_file', the project
>> ID of 'huge_file' is 'mail', and its usage is accouted as project 'mail'.
>> Even we do 'mv /product/mail/huge_file /product/maps', because
>> of rule 2), there is no project ID updating and no quota transfer. Since
>> so, the project quota of file 'huge_file' is always accounted as 'mail',
>> from the first beginning to the end. And that is why I think project quota
>> of 'mail' can't be evaded in this way.
>
> Yes, and *that* is the quota evasion.  There is no difference in terms
> of who ends up owning the quota between:
>
>      touch /product/mail/huge_file
>      mv /product/mail/huge_file /product/maps
>
> and
>
>     touch /product/maps/huge_file
>     chgrp mail /product/maps/huge_file
>
> Either way, a file that is storing maps information (that is why it is
> in /product/maps/huge_file) ends up getting accounted against the mail
> product's quota.
Ah... I am getting the point. :) Yeah, it seems like strange that huge_file
is under directory 'maps' but using the space of 'mail'. But that looks normal
immediately, if we judge files by what it has (i.e. project ID) rather
where it is
(i.e. directory path). Actually we are doing the same things for UID/GID. For
example, let's assume User1 and User2 are using /home/user1 and /home/user2.
We don't think following commds is way of evade quota:

touch /home/user1/huge_file
mv /home/user1/huge_file /home/user2

Then, why things should be different for project qutoa?

Regards,
                                             - Li Xi
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ