[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOssrKcZeAHsRz7P_dxh==QAKnp7HeSTh4vWY2tgbWa1ZD918g@mail.gmail.com>
Date: Tue, 13 Feb 2018 14:18:21 +0100
From: Miklos Szeredi <mszeredi@...hat.com>
To: Dongsu Park <dongsu@...volk.io>
Cc: lkml <linux-kernel@...r.kernel.org>,
containers@...ts.linux-foundation.org,
Alban Crequy <alban@...volk.io>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
Seth Forshee <seth.forshee@...onical.com>,
Sargun Dhillon <sargun@...gun.me>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
"Luis R. Rodriguez" <mcgrof@...nel.org>,
Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes
On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park <dongsu@...volk.io> wrote:
> From: Eric W. Biederman <ebiederm@...ssion.com>
>
> Allow users with CAP_SYS_CHOWN over the superblock of a filesystem to
> chown files. Ordinarily the capable_wrt_inode_uidgid check is
> sufficient to allow access to files but when the underlying filesystem
> has uids or gids that don't map to the current user namespace it is
> not enough, so the chown permission checks need to be extended to
> allow this case.
>
> Calling chown on filesystem nodes whose uid or gid don't map is
> necessary if those nodes are going to be modified as writing back
> inodes which contain uids or gids that don't map is likely to cause
> filesystem corruption of the uid or gid fields.
How can the filesystem be corrupted if chown is denied?
It is not clear to me what the purpose of this patch is or what the
exact usecase this is fixing.
Thanks,
Miklos
Powered by blists - more mailing lists