| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190502171603.GA1778@fieldses.org>
Date: Thu, 2 May 2019 13:16:03 -0400
From: "J. Bruce Fields" <bfields@...ldses.org>
To: Andreas Grünbacher
<andreas.gruenbacher@...il.com>
Cc: Miklos Szeredi <miklos@...redi.hu>,
Andreas Gruenbacher <agruenba@...hat.com>,
NeilBrown <neilb@...e.com>, Amir Goldstein <amir73il@...il.com>,
Patrick Plagwitz <Patrick_Plagwitz@....de>,
"linux-unionfs@...r.kernel.org" <linux-unionfs@...r.kernel.org>,
Linux NFS list <linux-nfs@...r.kernel.org>,
Linux FS-devel Mailing List <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] overlayfs: ignore empty NFSv4 ACLs in ext4 upperdir
On Thu, May 02, 2019 at 05:08:14PM +0200, Andreas Grünbacher wrote:
> You'll still see permissions that differ from what the filesystem
> enforces, and copy-up would change that behavior.
That's always true, and this issue isn't really specific to NFSv4 ACLs
(or ACLs at all), it already exists with just mode bits. The client
doesn't know how principals may be mapped on the server, doesn't know
group membership, etc.
That's the usual model, anyway. Permissions are almost entirely the
server's responsibility, and we just provide a few attributes to set/get
those server-side permissions.
The overlayfs/NFS case is different, I think: the nfs filesystem may be
just a static read-only template for a filesystem that's only ever used
by clients, and for all I know maybe permissions should only be
interpreted on the client side in that case.
--b.
Powered by blists - more mailing lists