[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20061027155402.GA6717@filer.fsl.cs.sunysb.edu>
Date: Fri, 27 Oct 2006 11:54:03 -0400
From: Josef Sipek <jsipek@....cs.sunysb.edu>
To: David Howells <dhowells@...hat.com>
Cc: sds@...ho.nsa.gov, jmorris@...ei.org, chrisw@...s-sol.org,
selinux@...ho.nsa.gov, linux-kernel@...r.kernel.org,
aviro@...hat.com
Subject: Re: Security issues with local filesystem caching
On Thu, Oct 26, 2006 at 10:56:08AM +0100, David Howells wrote:
> Josef Sipek <jsipek@....cs.sunysb.edu> wrote:
...
> > I'm wondering, why don't just you duplicate all the attributes of the files
> > (including xattrs)? That would take care of most if not all the DAC/MAC
> > issues, no?
>
> You're forgetting that the userspace cache manager daemon still has to access
> the cache.
Yeah, I did forget. Since there is a userspace daemon, it sounds like what
you're doing is right.
> > I'm thinking that it would be nice to combine the caching related security
> > code with those for stackable filesystems.
>
> That's fine by me, though I want the security on a cache file to be different
> to that on the netfs file it's backing.
It sounds reasonable, and my guess is that chances are that the two
(stackable fs and caching) don't really overlap too much.
Josef "Jeff" Sipek.
--
UNIX is user-friendly ... it's just selective about who it's friends are
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists