| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Jun 2021 14:33:33 +0200
From: Christian Brauner <christian.brauner@...ntu.com>
To: Vivek Goyal <vgoyal@...hat.com>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
viro@...iv.linux.org.uk, virtio-fs@...hat.com, dwalsh@...hat.com,
dgilbert@...hat.com, berrange@...hat.com
Subject: Re: [PATCH 1/1] xattr: Allow user.* xattr on symlink/special files
with CAP_SYS_RESOURCE
On Fri, Jun 25, 2021 at 03:12:29PM -0400, Vivek Goyal wrote:
> As of now user.* xattrs are allowed only on regular files and directories.
> And in case of directories if sticky bit is set, then it is allowed
> only if caller is owner or has CAP_FOWNER.
>
> "man xattr" suggests that primary reason behind this restrcition is that
> users can set unlimited amount of "user.*" xattrs on symlinks and special
> files and bypass quota checks. Following is from man page.
>
> "These differences would allow users to consume filesystem resources in
> a way not controllable by disk quotas for group or world writable spe‐
> cial files and directories"
>
> Capability CAP_SYS_RESOURCE allows for overriding disk quota limits. If
> being able to bypass quota is primary reason behind these restrictions,
> can we relax these restrictions if caller has CAP_SYS_RESOURCE.
>
> Signed-off-by: Vivek Goyal <vgoyal@...hat.com>
> ---
I think this change is fine especially since it seems to solve a real
problem there since it prevents relabeling for virtiofsd.
Powered by blists - more mailing lists