| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Mar 2016 22:40:00 -0500 From: Steve French <smfrench@...il.com> To: Christoph Hellwig <hch@...radead.org> Cc: Andreas Gruenbacher <agruenba@...hat.com>, Alexander Viro <viro@...iv.linux.org.uk>, "J. Bruce Fields" <bfields@...ldses.org>, Linux NFS Mailing List <linux-nfs@...r.kernel.org>, "Theodore Ts'o" <tytso@....edu>, "linux-cifs@...r.kernel.org" <linux-cifs@...r.kernel.org>, Linux API <linux-api@...r.kernel.org>, Trond Myklebust <trond.myklebust@...marydata.com>, LKML <linux-kernel@...r.kernel.org>, XFS Developers <xfs@....sgi.com>, Andreas Dilger <adilger.kernel@...ger.ca>, linux-fsdevel <linux-fsdevel@...r.kernel.org>, Jeff Layton <jlayton@...chiereds.net>, linux-ext4 <linux-ext4@...r.kernel.org>, Anna Schumaker <anna.schumaker@...app.com> Subject: Re: [PATCH v18 00/22] Richacls (Core and Ext4) On Tue, Mar 15, 2016 at 2:14 AM, Christoph Hellwig <hch@...radead.org> wrote: > On Fri, Mar 11, 2016 at 02:05:16PM -0600, Steve French wrote: >> A loosely related question is what can be done for tools around existing >> interfaces for ACLs. I recently found out NTFS-3g has this xattr: >> >> static const char nf_ns_xattr_ntfs_acl[] = "system.ntfs_acl"; >> >> which allows you to query system.ntfs_acl xattr to get their full ACL > > Bah. Filesystems really have no business exposing random system xattrs, > and we really need to add a filter to fs/xattr.c to not expose > arbitrary attrs ouside the user.* prefix. Hopefully we don't consider them random system xattrs, it is plausible that ntfs uses these for user space tools that I don't have. At least for cifs.ko a similar subset (querying ACLs, streams and reparse info e.g.) to the ntfs set would be very helpful. For example, Being able to query the actual ACL over the wire, is important for backup and for debug, the only question is whether to do it via an xattr (possibly being able to have some synergy with existing ntfs-3g tools) or an ioctl (since adding an NTFS specific syscall for a couple fs doesn't make sense). For the specific example of the odd ntfs.streams.list xattr, I can see why they have it. I would have mixed feelings about having no way to tell streams and EAs from each other since NTFS-3g displaying streams as xattrs and also Extended Attributes (EAs) as xattrs (and if they didn't have an additional xattr to list streams) without a way to tell the difference (at least a system xattr to list the alternate data streams is useful). There is useful information in alternate data streams that backup (and debugging) programs need for some workloads, for example the origin (where internet explorer downloaded a file from) and file classification information. -- Thanks, Steve
Powered by blists - more mailing lists