Message-ID: <CA+55aFzEjPUGZFk7PnM0T6YEn5uRrscgyCHyhc_cYz0m8ejdLA@mail.gmail.com>
Date:   Tue, 10 Jul 2018 16:01:06 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     David Howells <dhowells@...hat.com>
Cc:     Al Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 00/32] VFS: Introduce filesystem context [ver #9]

On Tue, Jul 10, 2018 at 3:41 PM David Howells <dhowells@...hat.com> wrote:
>
> Here are a set of patches to create a filesystem context prior to setting
> up a new mount, populating it with the parsed options/binary data, creating
> the superblock and then effecting the mount.  This is also used for remount
> since much of the parsing stuff is common in many filesystems.
>
> This allows namespaces and other information to be conveyed through the
> mount procedure.
>
> This also allows Miklós Szeredi's idea of doing:
>
>         fd = fsopen("nfs");
>         write(fd, "option=val", ...);
>         mfd = fsmount(fd, MS_NODEV);
>         move_mount(mfd, "", AT_FDCWD, "/mnt", MOVE_MOUNT_F_EMPTY_PATH);
>
> that he presented at LSF-2017 to be implemented (see the relevant patches
> in the series).

All your documentation (both commit logs, man-pages and in-kernel
actual docs you add) only talk about "what".

They don't talk about _why_.

I can imagine why's. But I think that the "why" is actually way more
important than the what. At no point did I see a "this is the current
interface, and it doesn't work for xyz, so here's the new interface
that allows us to do stuff".

When you have a diffstat like this:

 171 files changed, 7147 insertions(+), 1805 deletions(-)

I sure want to see an explanation for *WHY* it adds 5000+ lines of core code.

Also, I want to hear about sane security models. One of the things
people really want to do is have users do their own mounts. We've had
security issues in that area. Why does this improve on it, or make it
even worse?

And by "security models" I absolutely do not mean "here's how you can
do complex smack rules for it".

                 Linus
