lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHhKpQ7PwgDysS3nUAA0ALLdMZqnzG6q6wL1tmn3aqOPwZbyyg@mail.gmail.com>
Date:   Mon, 7 Dec 2020 10:27:31 -0500
From:   Boris Protopopov <boris.v.protopopov@...il.com>
To:     Shyam Prasad N <nspmangalore@...il.com>
Cc:     Boris Protopopov <pboris@...zon.com>,
        Steve French <sfrench@...ba.org>,
        linux-cifs <linux-cifs@...r.kernel.org>,
        samba-technical <samba-technical@...ts.samba.org>,
        LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] Add support for getting and setting SACLs

Hello, Shyam,

sorry for the delayed reply and thanks for looking at this patch. Yes,
the testing was done using the extended versions of
getcifsacl/setcifsacl (added setting owner and SACL support), the
patch for that posted recently via samba-technical (message ID
<20201120214918.12517-1-pboris@...zon.com>). I have tested
setting/getting the owner, DACL, and SACL, for all the DACL/SACL flags
(-a, -D, -M, -S), SACL type SYSTEM_AUDIT. This testing was done
against 5.10.0-rc1 and 4.14.203 (the latter required porting the
user-space patch). I believe this testing has fully exercised the code
changes in question.

I will look at contributing to the fsxtesting-cifs code, but I think
the setcifsacl/getcifsact patch that enables easy access to the
descriptor components is a pre-requisite for such contributions.

Thanks!


On Wed, Dec 2, 2020 at 5:43 AM Shyam Prasad N <nspmangalore@...il.com> wrote:
>
> Hi Boris,
>
> At a high level, the changes look good to me. Will go through the
> changes in more detail tomorrow morning.
>
> On a related note, we may need more test coverage in this area.
> Can you please share your testing output against your changes?
> Or even better, if you can contribute some xfstests for this use case:
> https://wiki.samba.org/index.php/Xfstesting-cifs
>
> Regards,
> Shyam
>
> On Wed, Dec 2, 2020 at 12:24 AM Boris Protopopov
> <boris.v.protopopov@...il.com> wrote:
> >
> > Hello,
> > I am checking in to see if anyone had a chance to take a look at this
> > patch. I would appreciate any feedback.
> > Thanks!
> >
> > On Tue, Oct 27, 2020 at 5:01 PM Boris Protopopov via samba-technical
> > <samba-technical@...ts.samba.org> wrote:
> > >
> > > Add SYSTEM_SECURITY access flag and use with smb2 when opening
> > > files for getting/setting SACLs. Add "system.cifs_ntsd_full"
> > > extended attribute to allow user-space access to the functionality.
> > > Avoid multiple server calls when setting owner, DACL, and SACL.
> > >
> > > Signed-off-by: Boris Protopopov <pboris@...zon.com>
> > > ---
> > ...
>
>
>
> --
> -Shyam

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ