lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1457817147.3540.28.camel@samba.org>
Date:	Sat, 12 Mar 2016 16:12:27 -0500
From:	Simo <simo@...ba.org>
To:	"J. Bruce Fields" <bfields@...ldses.org>,
	Christoph Hellwig <hch@...radead.org>
Cc:	Andreas Gruenbacher <agruenba@...hat.com>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	linux-nfs@...r.kernel.org, Theodore Ts'o <tytso@....edu>,
	linux-cifs@...r.kernel.org, linux-api@...r.kernel.org,
	Trond Myklebust <trond.myklebust@...marydata.com>,
	linux-kernel@...r.kernel.org, xfs@....sgi.com,
	Andreas Dilger <adilger.kernel@...ger.ca>,
	linux-fsdevel@...r.kernel.org,
	Jeff Layton <jlayton@...chiereds.net>,
	linux-ext4@...r.kernel.org,
	Anna Schumaker <anna.schumaker@...app.com>
Subject: Re: [PATCH v18 00/22] Richacls (Core and Ext4)

On Fri, 2016-03-11 at 09:07 -0500, J. Bruce Fields wrote:
> On Fri, Mar 11, 2016 at 06:01:34AM -0800, Christoph Hellwig wrote:
> > 
> > On Mon, Feb 29, 2016 at 09:17:05AM +0100, Andreas Gruenbacher
> > wrote:
> > > 
> > > Al,
> > > 
> > > could you please make sure you are happy with the current version
> > > of the
> > > richacl patch queue for the next merge window?
> > I'm still not happy.
> > 
> > For one I still see no reason to merge this broken ACL model at
> > all.
> > It provides our actualy Linux users no benefit at all, while
> > breaking
> > a lot of assumptions, especially by adding allow and deny ACE at
> > the
> > same sime.
> Could you explain what you mean by "adding allow and deny ACE at the
> same time"?
> 
> > 
> > It also doesn't help with the issue that the main thing it's trying
> > to be compatible with (Windows) actually uses a fundamentally
> > different
> > identifier to apply the ACLs to - as long as you're still limited
> > to users and groups and not guids we'll still have that mapping
> > problem
> > anyway.
> Agreed, but, one step at a time?  My impression is that the Samba
> people
> still consider this a step forward for Linux compatibility.

It is a step forward, but being able to store SIDs in the ACL, would be
a much better one.

Simo.

> --b.
> 
> > 
> > 
> > But besides that fundamental question on the purpose of it I also
> > don't think the code is suitable, more in the individual patches.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-cifs" 
> in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ