lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sat, 25 Jul 2009 17:44:05 +0200
From:	Ludwig Nussel <ludwig.nussel@...e.de>
To:	Andreas Dilger <adilger@....com>
Cc:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] implement uid mount option for ext2

Andreas Dilger wrote:
> On Jul 24, 2009  12:30 +0200, Ludwig Nussel wrote:
> > @@ -1353,7 +1356,13 @@ int ext2_write_inode(struct inode *inode, int do_sync)
> >  
> >  	ext2_get_inode_flags(ei);
> >  	raw_inode->i_mode = cpu_to_le16(inode->i_mode);
> > +	if (EXT2_SB(sb)->s_uid &&
> > +	    inode->i_uid == EXT2_SB(sb)->s_uid) {
> > +		raw_inode->i_uid_high = 0;
> > +		raw_inode->i_uid_low  = 0;
> > +		raw_inode->i_gid_high = 0;
> > +		raw_inode->i_gid_low  = 0;
> 
> I would suggest to also clear the SUID flag on this inode.  Otherwise,
> it opens the risk of creating SUID root files that might be handled
> incorrectly.

Doesn't really matter. The mount options nosuid,nodev are standard
for user mounts ever since people started using floppy disks :-)

> To be honest, rather than mapping the specified file to uid == 0/gid == 0
> it would be more useful (and safe) to allow specifying a mapping from one
> UID to another, or have the on-disk UID always be set to/from the specified
> UID.  Given that your original problem is for the user having UIDX on
> system X and UIDY on system Y, you should just specify the X->Y mapping
> explicitly, instead of an implicit X->0 mapping.  Otherwise, if the user
> is unable to access root-owned files on either one of system X or Y your
> current patch fails.

That's unnecessarily complicated. You don't have to keep track of
your user ids when using e.g. FAT formatted USB memory sticks
either. The files just always magically appear to be owned by the
user who mounted the file system. The goal is to have it just as
simple with ext2 on the USB stick. If one of the systems doesn't
mount media with the uid option the files might be unaccesible,
that's true. IOW on that system the situation is no different from
today any you'll have to resort to the same workarounds you have to
use today already (like sudo chown -R $USER or chmod 777).
 
> PS - please also send a patch for ext4.

One thing after another :-)

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ