lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 17 Oct 2019 08:12:52 -0400
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Andreas Dilger <adilger@...ger.ca>
Cc:     "Darrick J. Wong" <darrick.wong@...cle.com>,
        Wang Shilong <wangshilong1991@...il.com>,
        linux-xfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        Ext4 Developers List <linux-ext4@...r.kernel.org>,
        Li Xi <lixi@....com>, Wang Shilong <wshilong@....com>
Subject: Re: [Project Quota]file owner could change its project ID?

On Wed, Oct 16, 2019 at 06:28:08PM -0600, Andreas Dilger wrote:
> I don't think that this is really "directory quotas" in the end, since it
> isn't changing the semantics that the same projid could exist in multiple
> directory trees.  The real difference is the ability to enforce existing
> project quota limits for regular users outside of a container.  Basically,
> it is the same as regular users not being able to change the UID of their
> files to dump quota to some other user.
> 
> So rather than rename this "dirquota", it would be better to have a
> an option like "projid_enforce" or "projid_restrict", or maybe some
> more flexibility to allow only users in specific groups to change the
> projid like "projid_admin=<gid>" so that e.g. "staff" or "admin" groups
> can still change it (in addition to root) but not regular users.  To
> restrict it to root only, leave "projid_admin=0" and the default (to
> keep the same "everyone can change projid" behavior) would be -1?

I'm not sure how common the need for restsrictive quota enforcement is
really going to be.  Can someone convince me this is actually going to
be a common use case?

We could also solve the problem by adding an LSM hook called when
there is an attempt to set the project ID, and for people who really
want this, they can create a stackable LSM which enforces whatever
behavior they want.

If we think this going to be an speciality request, this might be the
better way to go.

						- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ