| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200107174407.GA666424@chrisdown.name>
Date: Tue, 7 Jan 2020 17:44:07 +0000
From: Chris Down <chris@...isdown.name>
To: "J. Bruce Fields" <bfields@...ldses.org>
Cc: "Darrick J. Wong" <darrick.wong@...cle.com>,
linux-fsdevel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>,
Jeff Layton <jlayton@...nel.org>,
Johannes Weiner <hannes@...xchg.org>,
Tejun Heo <tj@...nel.org>, linux-kernel@...r.kernel.org,
kernel-team@...com
Subject: Re: [PATCH] fs: inode: Reduce volatile inode wraparound risk when
ino_t is 64 bit
J. Bruce Fields writes:
>I thought that (dev, inum) was supposed to be unique from creation to
>last unlink (and last close), and (dev, inum, generation) was supposed
>to be unique for all time.
Sure, but I mean, we don't really protect against even the first case.
>> I didn't mention generation because, even though it's set on tmpfs
>> (to prandom_u32()), it's not possible to evaluate it from userspace
>> since `ioctl` returns ENOTTY. We can't ask userspace applications to
>> introspect on an inode attribute that they can't even access :-)
>
>Is there any reason not to add IOC_GETVERSION support to tmpfs?
>
>I wonder if statx should return it too?
We can, but that seems like a tangential discussion/patch series. For the
second case especially, that's something we should do separately from this
patchset, since this demonstrably fixes issues encountered in production, and
extending a user-facing APIs is likely to be a much more extensive discussion.
(Also, this one in particular has advanced quite a lot since this v1 patch :-))
Powered by blists - more mailing lists