| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Oct 2019 08:22:29 +1100
From: Dave Chinner <david@...morbit.com>
To: Wang Shilong <wangshilong1991@...il.com>
Cc: "Darrick J. Wong" <darrick.wong@...cle.com>,
linux-xfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
Ext4 Developers List <linux-ext4@...r.kernel.org>,
Andreas Dilger <adilger@...ger.ca>, Li Xi <lixi@....com>,
Wang Shilong <wshilong@....com>
Subject: Re: [Project Quota]file owner could change its project ID?
On Wed, Oct 16, 2019 at 07:51:15PM +0800, Wang Shilong wrote:
> On Mon, Oct 14, 2019 at 12:41 AM Darrick J. Wong
> <darrick.wong@...cle.com> wrote:
> >
> > On Sat, Oct 12, 2019 at 02:33:36PM +0800, Wang Shilong wrote:
> > > Steps to reproduce:
> > > [wangsl@...alhost tmp]$ mkdir project
> > > [wangsl@...alhost tmp]$ lsattr -p project -d
> > > 0 ------------------ project
> > > [wangsl@...alhost tmp]$ chattr -p 1 project
> > > [wangsl@...alhost tmp]$ lsattr -p -d project
> > > 1 ------------------ project
> > > [wangsl@...alhost tmp]$ chattr -p 2 project
> > > [wangsl@...alhost tmp]$ lsattr -p -d project
> > > 2 ------------------ project
> > > [wangsl@...alhost tmp]$ df -Th .
> > > Filesystem Type Size Used Avail Use% Mounted on
> > > /dev/sda3 xfs 36G 4.1G 32G 12% /
> > > [wangsl@...alhost tmp]$ uname -r
> > > 5.4.0-rc2+
> > >
> > > As above you could see file owner could change project ID of file its self.
> > > As my understanding, we could set project ID and inherit attribute to account
> > > Directory usage, and implement a similar 'Directory Quota' based on this.
> >
> > So the problem here is that the admin sets up a project quota on a
> > directory, then non-container users change the project id and thereby
> > break quota enforcement? Dave didn't sound at all enthusiastic, but I'm
> > still wondering what exactly you're trying to prevent.
>
> Yup, we are trying to prevent no-root users to change their project ID.
> As we want to implement 'Directory Quota':
You can already implement "Directory Quota" with project quotas.
What you are asking for is a different implementation of "Directory
Quota" to what we currently support.
> If non-root users could change their project ID, they could always try
> to change its project ID to steal space when EDQUOT returns.
Audit trail will tell you if users are doing this :P
Basically, what you want is a -strict- directory quota, where users
are unable to select the quota ID the directory is placed under.
i.e. it is entirely admin controlled, and users can't place
different directories under different quota IDs.
We can do this, but we need and explicit description of the
behaviour your require, and how it differs from the existing
"directory quota via project quotas" mechanism that people currently
use. i.e. there are two very different use cases for "directory
quotas" here, and users are going to need to know which one to
select for their intended us.
> Yup, if mount option could be introduced to make this case work,
> that will be nice.
That's maybe ten lines of code. I expect that the documentation of
the use cases and the differences in behaviour between the two modes
of behaviour will be a couple of hundred lines at least...
Cheers,
Dave.
--
Dave Chinner
david@...morbit.com
Powered by blists - more mailing lists