lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20150928163543.GF1358@fieldses.org> Date: Mon, 28 Sep 2015 12:35:43 -0400 From: "J. Bruce Fields" <bfields@...ldses.org> To: Andreas Gruenbacher <agruenba@...hat.com> Cc: Alexander Viro <viro@...iv.linux.org.uk>, Theodore Ts'o <tytso@....edu>, Andreas Dilger <adilger.kernel@...ger.ca>, Jeff Layton <jlayton@...chiereds.net>, Trond Myklebust <trond.myklebust@...marydata.com>, Anna Schumaker <anna.schumaker@...app.com>, linux-ext4@...r.kernel.org, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org, linux-api@...r.kernel.org Subject: Re: [PATCH v8 00/41] Richacls On Mon, Sep 28, 2015 at 12:08:51AM +0200, Andreas Gruenbacher wrote: > here's another update of the richacl patch queue. At this stage, I would > like to ask for final feedback so that the core and ext4 code (patches > 1-19) can be merged in the 4.4 merge window. The nfsd and nfs code should > then go through the respective maintainer trees. I've been over the core richacl and nfsd parts very carefully, and they definitely look ready to me. > Changes since the last posting (https://lwn.net/Articles/656704/): > > * The MAY_DELETE_SELF permission now also overrides the sticky > directory checks. > > * Fix the permission check algorithm to apply the owner mask instead > of the group mask to user entries matching the current owner. That way, > the owner will retain the permissions in those entries when creating > objects with create mode 0700 and similar. (A chmod to mode 0700 already > creates an owner@:rwpx::allow ace, which was hiding this bug.) > > * Fix richacl_apply_masks to properly insert deny aces when raising the > permissions of the other class. The bug could be triggered by > chmod'ing a group@:r::allow acl to mode 0077, for example. > > * Various cleanups and improvements to comments. > > > The complete patch queue is available here: > > git://git.kernel.org/pub/scm/linux/kernel/git/agruen/linux-richacl.git \ > richacl-2015-09-28 > > > The richacl user-space utilitites and test suite are available here: > > https://github.com/andreas-gruenbacher/richacl/ > > > Open issues in nfs: > > * When a user or group name cannot be mapped, nfs's idmapper always maps it > to nobody. That's good enough for mapping the file owner and owning > group, but not for identifiers in acls. For now, to get the nfs richacl > support somewhat working, I'm explicitly checking if mapping has resulted > in uid/gid 99 in the kernel. > > * When the nfs server replies with NFS4ERR_BADNAME for any user or group > name lookup, the client will stop sending numeric uids and gids to the > server even when the lookup wasn't numeric. From then on, the client > will translate uids and gids that have no mapping to the string "nobody", > and the server will reject them. This problem is not specific to acls. Do you have fixes in mind for these two issues? --b. > > Thanks, > Andreas > > Andreas Gruenbacher (39): > vfs: Add IS_ACL() and IS_RICHACL() tests > vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags > vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags > vfs: Make the inode passed to inode_change_ok non-const > vfs: Add permission flags for setting file attributes > richacl: In-memory representation and helper functions > richacl: Permission mapping functions > richacl: Compute maximum file masks from an acl > richacl: Update the file masks in chmod() > richacl: Permission check algorithm > vfs: Cache base_acl objects in inodes > vfs: Cache richacl in struct inode > richacl: Check if an acl is equivalent to a file mode > richacl: Create-time inheritance > richacl: Automatic Inheritance > richacl: xattr mapping functions > vfs: Add richacl permission checking > richacl: acl editing helper functions > richacl: Move everyone@ aces down the acl > richacl: Propagate everyone@ permissions to other aces > richacl: Set the owner permissions to the owner mask > richacl: Set the other permissions to the other mask > richacl: Isolate the owner and group classes > richacl: Apply the file masks to a richacl > richacl: Create richacl from mode values > nfsd: Keep list of acls to dispose of in compoundargs > nfsd: Use richacls as internal acl representation > nfsd: Add richacl support > nfsd: Add support for the v4.1 dacl attribute > nfsd: Add support for the MAY_CREATE_{FILE,DIR} permissions > richacl: Add support for unmapped identifiers > ext4: Don't allow unmapped identifiers in richacls > sunrpc: Allow to demand-allocate pages to encode into > sunrpc: Add xdr_init_encode_pages > nfs: Fix GETATTR bitmap verification > nfs: Remove unused xdr page offsets in getacl/setacl arguments > nfs: Add richacl support > nfs: Add support for the v4.1 dacl attribute > richacl: uapi header split > > Aneesh Kumar K.V (2): > ext4: Add richacl support > ext4: Add richacl feature flag > > drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +- > fs/Kconfig | 9 + > fs/Makefile | 3 + > fs/attr.c | 81 ++- > fs/ext4/Kconfig | 15 + > fs/ext4/Makefile | 1 + > fs/ext4/acl.c | 6 +- > fs/ext4/acl.h | 12 +- > fs/ext4/ext4.h | 6 +- > fs/ext4/file.c | 6 +- > fs/ext4/ialloc.c | 7 +- > fs/ext4/inode.c | 10 +- > fs/ext4/namei.c | 11 +- > fs/ext4/richacl.c | 218 ++++++ > fs/ext4/richacl.h | 47 ++ > fs/ext4/super.c | 42 +- > fs/ext4/xattr.c | 6 + > fs/ext4/xattr.h | 1 + > fs/f2fs/acl.c | 4 +- > fs/inode.c | 15 +- > fs/jffs2/acl.c | 6 +- > fs/namei.c | 111 ++- > fs/nfs/inode.c | 3 - > fs/nfs/nfs4proc.c | 701 +++++++++++++----- > fs/nfs/nfs4xdr.c | 257 ++++++- > fs/nfs/super.c | 4 +- > fs/nfs_common/Makefile | 1 + > fs/nfs_common/nfs4acl.c | 44 ++ > fs/nfsd/Kconfig | 1 + > fs/nfsd/acl.h | 23 +- > fs/nfsd/nfs4acl.c | 482 +++++++------ > fs/nfsd/nfs4proc.c | 25 +- > fs/nfsd/nfs4xdr.c | 268 ++++--- > fs/nfsd/nfsd.h | 6 +- > fs/nfsd/nfsfh.c | 8 +- > fs/nfsd/vfs.c | 28 +- > fs/nfsd/vfs.h | 17 +- > fs/nfsd/xdr4.h | 12 +- > fs/posix_acl.c | 26 +- > fs/richacl_base.c | 682 ++++++++++++++++++ > fs/richacl_compat.c | 915 ++++++++++++++++++++++++ > fs/richacl_inode.c | 297 ++++++++ > fs/richacl_xattr.c | 267 +++++++ > fs/xattr.c | 34 +- > include/linux/fs.h | 50 +- > include/linux/nfs4.h | 24 +- > include/linux/nfs4acl.h | 7 + > include/linux/nfs_fs.h | 1 - > include/linux/nfs_fs_sb.h | 2 + > include/linux/nfs_xdr.h | 13 +- > include/linux/posix_acl.h | 12 +- > include/linux/richacl.h | 275 +++++++ > include/linux/richacl_compat.h | 40 ++ > include/linux/richacl_xattr.h | 47 ++ > include/linux/sunrpc/xdr.h | 2 + > include/uapi/linux/Kbuild | 2 + > include/uapi/linux/fs.h | 3 +- > include/uapi/linux/nfs4.h | 3 +- > include/uapi/linux/richacl.h | 111 +++ > include/uapi/linux/richacl_xattr.h | 43 ++ > include/uapi/linux/xattr.h | 2 + > net/sunrpc/xdr.c | 34 + > 62 files changed, 4659 insertions(+), 732 deletions(-) > create mode 100644 fs/ext4/richacl.c > create mode 100644 fs/ext4/richacl.h > create mode 100644 fs/nfs_common/nfs4acl.c > create mode 100644 fs/richacl_base.c > create mode 100644 fs/richacl_compat.c > create mode 100644 fs/richacl_inode.c > create mode 100644 fs/richacl_xattr.c > create mode 100644 include/linux/nfs4acl.h > create mode 100644 include/linux/richacl.h > create mode 100644 include/linux/richacl_compat.h > create mode 100644 include/linux/richacl_xattr.h > create mode 100644 include/uapi/linux/richacl.h > create mode 100644 include/uapi/linux/richacl_xattr.h > > -- > 2.4.3 > > > Andreas Gruenbacher (39): > vfs: Add IS_ACL() and IS_RICHACL() tests > vfs: Add MAY_CREATE_FILE and MAY_CREATE_DIR permission flags > vfs: Add MAY_DELETE_SELF and MAY_DELETE_CHILD permission flags > vfs: Make the inode passed to inode_change_ok non-const > vfs: Add permission flags for setting file attributes > richacl: In-memory representation and helper functions > richacl: Permission mapping functions > richacl: Compute maximum file masks from an acl > richacl: Update the file masks in chmod() > richacl: Permission check algorithm > vfs: Cache base_acl objects in inodes > vfs: Cache richacl in struct inode > richacl: Check if an acl is equivalent to a file mode > richacl: Create-time inheritance > richacl: Automatic Inheritance > richacl: xattr mapping functions > vfs: Add richacl permission checking > richacl: acl editing helper functions > richacl: Move everyone@ aces down the acl > richacl: Propagate everyone@ permissions to other aces > richacl: Set the owner permissions to the owner mask > richacl: Set the other permissions to the other mask > richacl: Isolate the owner and group classes > richacl: Apply the file masks to a richacl > richacl: Create richacl from mode values > nfsd: Keep list of acls to dispose of in compoundargs > nfsd: Use richacls as internal acl representation > nfsd: Add richacl support > nfsd: Add support for the v4.1 dacl attribute > nfsd: Add support for the MAY_CREATE_{FILE,DIR} permissions > richacl: Add support for unmapped identifiers > ext4: Don't allow unmapped identifiers in richacls > sunrpc: Allow to demand-allocate pages to encode into > sunrpc: Add xdr_init_encode_pages > nfs: Fix GETATTR bitmap verification > nfs: Remove unused xdr page offsets in getacl/setacl arguments > nfs: Add richacl support > nfs: Add support for the v4.1 dacl attribute > richacl: uapi header split > > Aneesh Kumar K.V (2): > ext4: Add richacl support > ext4: Add richacl feature flag > > drivers/staging/lustre/lustre/llite/llite_lib.c | 2 +- > fs/Kconfig | 9 + > fs/Makefile | 3 + > fs/attr.c | 81 ++- > fs/ext4/Kconfig | 15 + > fs/ext4/Makefile | 1 + > fs/ext4/acl.c | 6 +- > fs/ext4/acl.h | 12 +- > fs/ext4/ext4.h | 6 +- > fs/ext4/file.c | 6 +- > fs/ext4/ialloc.c | 7 +- > fs/ext4/inode.c | 10 +- > fs/ext4/namei.c | 11 +- > fs/ext4/richacl.c | 218 ++++++ > fs/ext4/richacl.h | 47 ++ > fs/ext4/super.c | 42 +- > fs/ext4/xattr.c | 6 + > fs/ext4/xattr.h | 1 + > fs/f2fs/acl.c | 4 +- > fs/inode.c | 15 +- > fs/jffs2/acl.c | 6 +- > fs/namei.c | 111 ++- > fs/nfs/inode.c | 3 - > fs/nfs/nfs4proc.c | 701 +++++++++++++----- > fs/nfs/nfs4xdr.c | 257 ++++++- > fs/nfs/super.c | 4 +- > fs/nfs_common/Makefile | 1 + > fs/nfs_common/nfs4acl.c | 44 ++ > fs/nfsd/Kconfig | 1 + > fs/nfsd/acl.h | 23 +- > fs/nfsd/nfs4acl.c | 482 +++++++------ > fs/nfsd/nfs4proc.c | 25 +- > fs/nfsd/nfs4xdr.c | 268 ++++--- > fs/nfsd/nfsd.h | 6 +- > fs/nfsd/nfsfh.c | 8 +- > fs/nfsd/vfs.c | 28 +- > fs/nfsd/vfs.h | 17 +- > fs/nfsd/xdr4.h | 12 +- > fs/posix_acl.c | 26 +- > fs/richacl_base.c | 682 ++++++++++++++++++ > fs/richacl_compat.c | 915 ++++++++++++++++++++++++ > fs/richacl_inode.c | 297 ++++++++ > fs/richacl_xattr.c | 267 +++++++ > fs/xattr.c | 34 +- > include/linux/fs.h | 50 +- > include/linux/nfs4.h | 24 +- > include/linux/nfs4acl.h | 7 + > include/linux/nfs_fs.h | 1 - > include/linux/nfs_fs_sb.h | 2 + > include/linux/nfs_xdr.h | 13 +- > include/linux/posix_acl.h | 12 +- > include/linux/richacl.h | 275 +++++++ > include/linux/richacl_compat.h | 40 ++ > include/linux/richacl_xattr.h | 47 ++ > include/linux/sunrpc/xdr.h | 2 + > include/uapi/linux/Kbuild | 2 + > include/uapi/linux/fs.h | 3 +- > include/uapi/linux/nfs4.h | 3 +- > include/uapi/linux/richacl.h | 111 +++ > include/uapi/linux/richacl_xattr.h | 43 ++ > include/uapi/linux/xattr.h | 2 + > net/sunrpc/xdr.c | 34 + > 62 files changed, 4659 insertions(+), 732 deletions(-) > create mode 100644 fs/ext4/richacl.c > create mode 100644 fs/ext4/richacl.h > create mode 100644 fs/nfs_common/nfs4acl.c > create mode 100644 fs/richacl_base.c > create mode 100644 fs/richacl_compat.c > create mode 100644 fs/richacl_inode.c > create mode 100644 fs/richacl_xattr.c > create mode 100644 include/linux/nfs4acl.h > create mode 100644 include/linux/richacl.h > create mode 100644 include/linux/richacl_compat.h > create mode 100644 include/linux/richacl_xattr.h > create mode 100644 include/uapi/linux/richacl.h > create mode 100644 include/uapi/linux/richacl_xattr.h > > -- > 2.4.3 -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists