lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 3 Feb 2021 14:56:20 +0000
From:   Matthew Wilcox <willy@...radead.org>
To:     Miklos Szeredi <miklos@...redi.hu>
Cc:     Miklos Szeredi <mszeredi@...hat.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Al Viro <viro@...iv.linux.org.uk>,
        Andreas Dilger <adilger@...ger.ca>,
        Andreas Gruenbacher <agruenba@...hat.com>,
        Christoph Hellwig <hch@....de>,
        "Darrick J . Wong" <djwong@...nel.org>,
        Dave Kleikamp <shaggy@...nel.org>,
        David Sterba <dsterba@...e.com>,
        Jaegeuk Kim <jaegeuk@...nel.org>, Jan Kara <jack@...e.cz>,
        Joel Becker <jlbec@...lplan.org>,
        Matthew Garrett <matthew.garrett@...ula.com>,
        Mike Marshall <hubcap@...ibond.com>,
        Richard Weinberger <richard@....at>,
        Ryusuke Konishi <konishi.ryusuke@...il.com>,
        Theodore Ts'o <tytso@....edu>, Tyler Hicks <code@...icks.com>
Subject: Re: [PATCH 00/18] new API for FS_IOC_[GS]ETFLAGS/FS_IOC_FS[GS]ETXATTR

On Wed, Feb 03, 2021 at 03:38:54PM +0100, Miklos Szeredi wrote:
> On Wed, Feb 3, 2021 at 3:28 PM Matthew Wilcox <willy@...radead.org> wrote:
> >
> > On Wed, Feb 03, 2021 at 03:13:29PM +0100, Miklos Szeredi wrote:
> > > On Wed, Feb 3, 2021 at 2:58 PM Matthew Wilcox <willy@...radead.org> wrote:
> > >
> > > > Network filesystems frequently need to use the credentials attached to
> > > > a struct file in order to communicate with the server.  There's no point
> > > > fighting this reality.
> > >
> > > IDGI.  Credentials can be taken from the file and from the task.  In
> > > this case every filesystem except cifs looks at task creds. Why are
> > > network filesystem special in this respect?
> >
> > I don't necessarily mean 'struct cred'.  I mean "the authentication
> > that the client has performed to the server".  Which is not a per-task
> > thing, it's stored in the struct file, which is why we have things like
> >
> >         int (*write_begin)(struct file *, struct address_space *mapping,
> >                                 loff_t pos, unsigned len, unsigned flags,
> >                                 struct page **pagep, void **fsdata);
> >
> > disk filesystems ignore the struct file argument, but network filesystems
> > very much use it.
> 
> Fine for file I/O.  That's authorized at open time for all
> filesystems, not just network ones.
> 
> Not fine for metadata operations (IMO).   I.e. ->[gs]etattr() don't
> take a file argument either, even though on the uAPI there are plenty
> of open file based variants.

That's a fine statement of principle, but if the filesystem needs to
contact the server, then your principle must accede to reality.

But let's talk specifics.  What does CIFS need to contact the server for?
Could it be cached earlier?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ