| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 02 Nov 2006 16:24:27 -0500 From: Trond Myklebust <trond.myklebust@....uio.no> To: David Howells <dhowells@...hat.com> Cc: Stephen Smalley <sds@...ho.nsa.gov>, Karl MacMillan <kmacmill@...hat.com>, jmorris@...ei.org, chrisw@...s-sol.org, selinux@...ho.nsa.gov, linux-kernel@...r.kernel.org, aviro@...hat.com Subject: Re: Security issues with local filesystem caching On Thu, 2006-11-02 at 20:38 +0000, David Howells wrote: > Trond Myklebust <trond.myklebust@....uio.no> wrote: > > > Just why are you doing all this? Why do we need a back-end that requires > > all this extra client-side security infrastructure in order to work? > > Well, both Christoph and Al are of the opinion that I should be using > vfs_mkdir() and co rather than bypassing the security and calling inode ops > directly. ...but why are you needing to call vfs_mkdir? I thought the standard cachefs backend just uses a pool of files, rather like the original AFS cache did. Are you trying to mirror the layout and the permissions of the NFS filesystem? That is a lot more work than it is worth... > Also I should be setting security labels on the files I create. To what end? These files shouldn't need to be made visible to userland at all. Cheers, Trond - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists