Open Source and information security mailing list archives
 
Date:   Sat, 8 Jul 2017 22:37:53 -0400
From:   Jeffrey Altman <jaltman@...istor.com>
To:     Theodore Ts'o <tytso@....edu>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andreas Dilger <adilger@...ger.ca>,
        David Howells <dhowells@...hat.com>,
        Christoph Hellwig <hch@...radead.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Linux API <linux-api@...r.kernel.org>,
        linux-afs@...ts.infradead.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 2/2] afs: Add metadata xattrs

On 7/8/2017 9:01 PM, Theodore Ts'o wrote:
> On Sat, Jul 08, 2017 at 12:44:54PM -0700, Linus Torvalds wrote:
>> Yeah, I think attributes are likely much better than some random crazy
>> ioctl interface. They can be listed with generic tools, and have
>> various scripting interfaces in ways that ioctl's do not sanely have.
> 
> I personally don't have a particular problem with these xattrs.  For
> one thing, they are read-only.  You use them just to find out the AFS
> cell, the AFS "fid", and the AFS volume name.
> 
> I think the place where people will start getting nervous is when we
> start adding "write-only" xattrs or where writing to an xattr causes a
> side-effect to take place.

Ted,

The list of AFS pioctls and the proposed alternatives for kAFS are
listed at

  https://www.infradead.org/~dhowells/kafs/user_interface.html

While it is true that the majority of the proposed xattrs are read-only
properties of AFS objects (cell, volume, fid, servers, sec_class,
sec_mode) there is one exception that is read-write (acls).  AuriStorFS
permits acls to be set per-file; there was some per-file acl work begun
for OpenAFS but it was never completed.

Is there an alternative for fetching and setting ACLs that should be
considered?

Jeffrey Altman




