| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Oct 2006 11:54:03 -0400 From: Josef Sipek <jsipek@....cs.sunysb.edu> To: David Howells <dhowells@...hat.com> Cc: sds@...ho.nsa.gov, jmorris@...ei.org, chrisw@...s-sol.org, selinux@...ho.nsa.gov, linux-kernel@...r.kernel.org, aviro@...hat.com Subject: Re: Security issues with local filesystem caching On Thu, Oct 26, 2006 at 10:56:08AM +0100, David Howells wrote: > Josef Sipek <jsipek@....cs.sunysb.edu> wrote: ... > > I'm wondering, why don't just you duplicate all the attributes of the files > > (including xattrs)? That would take care of most if not all the DAC/MAC > > issues, no? > > You're forgetting that the userspace cache manager daemon still has to access > the cache. Yeah, I did forget. Since there is a userspace daemon, it sounds like what you're doing is right. > > I'm thinking that it would be nice to combine the caching related security > > code with those for stackable filesystems. > > That's fine by me, though I want the security on a cache file to be different > to that on the netfs file it's backing. It sounds reasonable, and my guess is that chances are that the two (stackable fs and caching) don't really overlap too much. Josef "Jeff" Sipek. -- UNIX is user-friendly ... it's just selective about who it's friends are - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists