lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1942.1187365183@turing-police.cc.vt.edu>
Date:	Fri, 17 Aug 2007 11:39:43 -0400
From:	Valdis.Kletnieks@...edu
To:	Phillip Susi <psusi@....rr.com>
Cc:	Kyle Moffett <mrmacman_g4@....com>,
	Michael Tharp <gxti@...tiallystapled.com>,
	alan <alan@...eserver.org>, Marc Perkel <mperkel@...oo.com>,
	LKML Kernel <linux-kernel@...r.kernel.org>,
	Lennart Sorensen <lsorense@...lub.uwaterloo.ca>,
	Al Viro <viro@...iv.linux.org.uk>
Subject: Re: Thinking outside the box on file systems

On Fri, 17 Aug 2007 11:19:21 EDT, Phillip Susi said:
> Kyle Moffett wrote:
>> Problem 1: "updating cached acls of descendent objects":  How do you 
>> find out what a 'descendent object' is?  Answer:  You can't without 
>> recursing through the entire in-memory dentry tree.

I suspect Kyle is not quite correct - it's probably the case that you don't
have to consider just the in-memory dentries, but *all* the descendent objects
in the entire file system.

If you have a clever proof that on-disk can't *possibly* be affected, feel
free to present it.

(Does anybody know offhand what means 'chacl -r' uses to avoid race conditions
with directories being moved in/out from under it, or does it just say "we'll
make a best stab at it"?)

> Yes, it would take some cpu time, and yes, it would have to use a lock 
> to protect the acl which would also lock out moves.  Is that such a high 
> cost?  Changing acls and moving whole directory trees around is not THAT 
> common of an operation... if it takes a wee bit more cpu time, I doubt 
> anyone will complain.

It will become even *more* of a "not that common" if the lock will block moves
and ACL changes *across the filesystem* for potentially *minutes* at a time.


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ