lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150316214930.GE28557@dastard>
Date:	Tue, 17 Mar 2015 08:49:30 +1100
From:	Dave Chinner <david@...morbit.com>
To:	Jan Kara <jack@...e.cz>
Cc:	Li Xi <pkuelelixi@...il.com>, linux-fsdevel@...r.kernel.org,
	linux-ext4@...r.kernel.org, linux-api@...r.kernel.org,
	tytso@....edu, adilger@...ger.ca, viro@...iv.linux.org.uk,
	hch@...radead.org, dmonakhov@...nvz.org, dchinner@...hat.com
Subject: Re: [v9 1/5] vfs: adds general codes to enforces project quota limits

On Mon, Mar 16, 2015 at 03:29:44PM +0100, Jan Kara wrote:
> On Wed 11-03-15 12:03:19, Li Xi wrote:
> > This patch adds support for a new quota type PRJQUOTA for project quota
> > enforcement. Also a new method get_projid() is added into dquot_operations
> > structure.
> > 
> > Signed-off-by: Li Xi <lixi@....com>
> > Signed-off-by: Dmitry Monakhov <dmonakhov@...nvz.org>
> > Reviewed-by: Jan Kara <jack@...e.cz>
> ...
> > diff --git a/fs/quota/quota.c b/fs/quota/quota.c
> > index 2aa4151..c76b350 100644
> > --- a/fs/quota/quota.c
> > +++ b/fs/quota/quota.c
> > @@ -30,11 +30,15 @@ static int check_quotactl_permission(struct super_block *sb, int type, int cmd,
> >  	case Q_XGETQSTATV:
> >  	case Q_XQUOTASYNC:
> >  		break;
> > -	/* allow to query information for dquots we "own" */
> > +	/*
> > +	 * allow to query information for dquots we "own"
> > +	 * always allow querying project quota
> > +	 */
> >  	case Q_GETQUOTA:
> >  	case Q_XGETQUOTA:
> >  		if ((type == USRQUOTA && uid_eq(current_euid(), make_kuid(current_user_ns(), id))) ||
> > -		    (type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id))))
> > +		    (type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id))) ||
> > +		    (type == PRJQUOTA))
> >  			break;
>   I wanted to merge this patch but this hunk caught my eye. Why do we
> suddently allow querying of project quotas? Traditionally that has been
> allowed only with CAP_SYS_ADMIN. I agree it looks too restrictive to me but
> unless that's a bug, I think we have to adhere to original behavior and
> drop this hunk. Dave, was that behavior of project quotas intended? 

This is for quota reports, right?

Project quotas are managed by the administrator as individual users
may not even have access to all the files under a project and hence
often cannot do anything about running out of quota space. i.e. users
don't own project quotas like they "own" user and group quotas.
user/group quotas imply the user has permission to access/modify the
files within the quota, whereas that is not true of project quotas.

e.g. Think about a project that compartmentalises information along
user acess bounds: even if a user can't access parts of the project
quota space, allowing them to query the accounting of space used by
the project is leaking information about how much data there is in
the project they can't access....

Cheers,

Dave.
-- 
Dave Chinner
david@...morbit.com
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ