| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56E32CD3.1010705@gmail.com> Date: Fri, 11 Mar 2016 15:38:43 -0500 From: "Austin S. Hemmelgarn" <ahferroin7@...il.com> To: Richard Weinberger <richard@....at>, Cole <cole@...eqint.net> Cc: LKML <linux-kernel@...r.kernel.org> Subject: Re: Variant symlink filesystem On 2016-03-11 15:24, Richard Weinberger wrote: > Am 11.03.2016 um 21:22 schrieb Cole: >> If I remember correctly, when we were testing the fuse version, we hard coded >> the path to see if that solved the problem, and the difference between >> the env lookup >> code and the hard coded path was almost the same, but substantially slower than >> the native file system. > > And where exactly as the performance problem? > > Anyway, if you submit your filesystem also provide a decent use case for it. :-) > I don't know that this qualifies as a use case, but I've seen a number of capability based systems that have a similar concept they usually refer to as 'context dependent symbolic links'. In such cases, the resolution is usually based on what capabilities you posses, and is more of a mapping than a value expansion most of the time, but such usage could be emulated (albeit much less securely) with this. If this could be extended to expand other values (for example, process bit width, or SELinux context, or even what namespace the process is in), it could provide the same functionality almost as securely.
Powered by blists - more mailing lists