| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Aug 2010 11:13:07 +0200 From: Bastien ROUCARIES <roucaries.bastien@...il.com> To: Neil Brown <neilb@...e.de> Cc: Andreas Dilger <andreas.dilger@...cle.com>, Al Viro <viro@...iv.linux.org.uk>, Christoph Hellwig <hch@...radead.org>, "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>, "adilger@....com" <adilger@....com>, "corbet@....net" <corbet@....net>, "npiggin@...nel.dk" <npiggin@...nel.dk>, "hooanon05@...oo.co.jp" <hooanon05@...oo.co.jp>, "bfields@...ldses.org" <bfields@...ldses.org>, "miklos@...redi.hu" <miklos@...redi.hu>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, "sfrench@...ibm.com" <sfrench@...ibm.com>, "philippe.deniel@....FR" <philippe.deniel@....fr>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH -V18 04/13] vfs: Allow handle based open on symlinks On Wed, Aug 25, 2010 at 4:04 AM, Neil Brown <neilb@...e.de> wrote: > On Tue, 24 Aug 2010 11:41:10 +0200 >> >> Why ot creating a special file system for this kind of operation ? >> I mean a vfsmnt filesystem, with each directory on the root is a >> symlink to the root of the real vfsmnt root ? >> >> I could be even be in proc space like /proc/self/vfsmnt >> >> path_to_handle will return a relative path from this directory like >> 0x75843558/somehandle (if X is on /usr/bin/X and usr is mounted by >> filesystem 0x75843558) >> path_to_fshandle() will return 0x75843558 >> >> opening file handle will be just a matter to thus open >> /proc/self/vfsmount/0x75843558/somehandle >> >> Permission will be determined by vfsmount filesystem. >> >> No need to create new syscall all te handle to filename will be handle >> by the vfsmount filesystem >> >> We could even use at existing command. The dirfd will need to be only >> /proc/self/vfsmnt (and if you need to get a fd without mounting /proc >> create a syscall to get this fd). >> >> Does sound plausible ? >> > > I don't think so. > > I'm not 100% certain what you are proposing, but I think the basic idea is a > virtual filesystem where giving a textual filehandle as a name gives access > to the file with that filehandle. Exactly > This could only work by creating a virtual symlink from the name to the > object in whichever filesystem - somewhat like /proc/self/fd/*. > This could be used to open the file, not to create a hard-link or read a > symlink which are two of the issues we are struggling with. This issue could be raised by the open O_NODE patch (http://lwn.net/Articles/364735/). For symlink it will allow to read the symlink. For hard link some bsd have fsdb that allow this kind of stuff. in our case the security implication are huge, We could undelete a removed file. In fact you need a flink(fd, "new path"). I could be useful in some context note but seriously restricted. Bastien -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists