| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Aug 2007 17:20:37 -0400 From: Valdis.Kletnieks@...edu To: Marc Perkel <mperkel@...oo.com> cc: Phillip Susi <psusi@....rr.com>, Kyle Moffett <mrmacman_g4@....com>, Michael Tharp <gxti@...tiallystapled.com>, alan <alan@...eserver.org>, LKML Kernel <linux-kernel@...r.kernel.org>, Lennart Sorensen <lsorense@...lub.uwaterloo.ca>, valdis@...ing-police.cc.vt.edu Subject: Re: Thinking outside the box on file systems On Wed, 15 Aug 2007 13:50:17 PDT, Marc Perkel said: > I don't see it as being any worse that what we have > now. To open a file you have to start at the bottom > and open each directory and evaluate the permissions > on the way to the file. In my system you have to look > up the permission of the string at each "/" separator. > Seems to me that every system would have these same > steps. No - you need to look at the *whole* string - that's the whole *point* of your system, remember? Just a few msgs back, you gave a nice example of having a file with \ in the name rather than / because it came from a Windows user. So you *do* need to check *every* pattern against the filename, because it *could* match. In a system with several hundred thousand or more patterns, that could be painful. Also, you need to figure out how to deal with all the various silly corner cases that people will end up trying to do. Consider the rules: peter '*a*' can create peter '*b*' cannot create Peter tries to create 'foo-ab-bar' - is he allowed to or not? For an exersize, either write a program or do by hand: Create a list of patterns that correctly express the ownership and permissions of *every* file on your current Linux box. Then repeat on a large box with multiple users and a few Oracle databases or webservers. Then write a small tool, that given that list, a username, a filename, and the operation (read, write, open, unlink, etc), says "Yes or No". Then run 'strace /bin/ls' in a large directory, take all the filenames listed in the strace output, and see if your tool can answer "yes or no" fast enough to make 'ls' feasible. Come back when you get that part done, and we'll discuss how it would have to work in the kernel. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists