lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 7 Nov 2011 12:29:52 +0100
From:	Lennart Poettering <mzxreary@...inter.de>
To:	Christoph Hellwig <hch@...radead.org>
Cc:	Davidlohr Bueso <dave@....org>, Hugh Dickins <hughd@...gle.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	lkml <linux-kernel@...r.kernel.org>, linux-mm@...ck.org,
	Kay Sievers <kay.sievers@...y.org>
Subject: Re: [RFC PATCH] tmpfs: support user quotas

On Mon, 07.11.11 02:31, Christoph Hellwig (hch@...radead.org) wrote:

>
> On Sun, Nov 06, 2011 at 06:15:01PM -0300, Davidlohr Bueso wrote:
> > From: Davidlohr Bueso <dave@....org>
> >
> > This patch adds a new RLIMIT_TMPFSQUOTA resource limit to restrict an individual user's quota across all mounted tmpfs filesystems.
> > It's well known that a user can easily fill up commonly used directories (like /tmp, /dev/shm) causing programs to break through DoS.
>
> Please jyst implement the normal user/group quota interfaces we use for other
> filesystem.

Please don't.

tmpfs by its very nature is volatile, which means that we'd have to
upload the quota data explicitly each time we mount a tmpfs, which means
we'd have to add quite some userspace infrastructure to make tmpfs work
with quota. Either every time a tmpfs is mounted we'd have to apply a
quota for every configured user and every future user to it (which is
simply not realistic) or on every user logging in we'd have to go
through all tmpfs mount points and apply a user-specific quota setting
to it -- which isn't much less ugly and complex. Just using a
user-specific RLIMIT is much much simpler and beautiful there, and
requires almost no changes to userspace.

On top of that I think a global quota over all tmpfs is actually
preferable than a per-tmpfs quota, because what you want to enforce is
that clients cannot drain the pool that tmpfs is backed from but how
they distribute their share of that pool on the various tmpfs mounted
doesn't really matter in order to avoid DoS vulnerabilities.

In short: a resource limit for tmpfs quota looks like the best solution
here, which does exactly what userspace wants.

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ