lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20070630094332.GA22889@infradead.org>
Date:	Sat, 30 Jun 2007 10:43:32 +0100
From:	Christoph Hellwig <hch@...radead.org>
To:	Trond Myklebust <trond.myklebust@....uio.no>
Cc:	Christoph Hellwig <hch@...radead.org>,
	Bharata B Rao <bharata@...ux.vnet.ibm.com>,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	Jan Blunck <j.blunck@...harburg.de>
Subject: Re: [RFC PATCH 4/4] Directory listing support for union mounted directories.

On Wed, Jun 20, 2007 at 01:44:52PM -0400, Trond Myklebust wrote:
> > Which is exactly that problem this tries to solve.  Once you have
> > union mounts you'll have a single open file descriptor for multiple
> > actual directories.   Beause of that you can't simply attach to the
> > state to the struct file but have to keep it in a different way.
> 
> Which creates another, much WORSE problem.
> 
> Authentication information is part of a series of things that POSIX
> requires you to keep on per-descriptor basis (because POSIX assumes that
> you can suid/sgid a process without any security implications for file
> descriptors that are already open). It is quite natural to pass it
> around by means of the struct file.
> 
> If you don't want to pass the struct file around, then you at least need
> to come up with an alternative mechanism that allows filesystems to
> provide correct semantics in the standard non-union case.

That'd be struct ucred..

Anyway, to get back to the original problem - currently filesystems
are perfectly fine to keep whatever state they want in struct file
(mostly ->private), with union mounts we will have a single file descriptor
and struct file for two directories, so we need to restrict this.
Getting this right is the key to any unioning work that actually works
on an arbitrary filesystem and not just on disk filesystems that don't
do anything fancy.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ