| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Mar 2012 23:51:52 +0900 From: "J. R. Okajima" <hooanon05@...oo.co.jp> To: David Howells <dhowells@...hat.com> Cc: linux-fsdevel@...r.kernel.org, viro@...IV.linux.org.uk, valerie.aurora@...il.com, linux-kernel@...r.kernel.org, sds@...ho.nsa.gov, selinux@...ho.nsa.gov Subject: Re: copy-up xattr (Re: [RFC][PATCH 00/73] Union Mount [ver #2]) David Howells: > That's not necessarily good enough. What if and LSM, say SELinux, is in > force? Now SELinux will happily label the files for you - but there's a > reasonable chance they won't be correct. OTOH, they may not be correct even > if they are copied up. Then what will happen (or should happen) in cp(1) for such cases? Can the --preserve=context or xattr option handle it correctly? If cp(1) can hanle it correctly, then union-mount may be able to behave similarly, or make the internal copy-up operaion a totally isolated userspace module. If cp(1) cannot, then union-mount will not either. And union-mount should delete the copied-up file after the xattr error, while cp(1) may left the copied file. Finally, the number of cases which copy-up xattr succeeds may not be so many, and the situation is similar to cp(1) which copies a file between different filesystems. J. R. Okajima -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists