[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZlbKEr15IXO2jxXd@infradead.org>
Date: Tue, 28 May 2024 23:24:18 -0700
From: "hch@...radead.org" <hch@...radead.org>
To: Dave Chinner <david@...morbit.com>
Cc: "hch@...radead.org" <hch@...radead.org>, Jan Kara <jack@...e.cz>,
Trond Myklebust <trondmy@...merspace.com>,
"chuck.lever@...cle.com" <chuck.lever@...cle.com>,
"linux-api@...r.kernel.org" <linux-api@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
"brauner@...nel.org" <brauner@...nel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"alex.aring@...il.com" <alex.aring@...il.com>,
"cyphar@...har.com" <cyphar@...har.com>,
"viro@...iv.linux.org.uk" <viro@...iv.linux.org.uk>,
"jlayton@...nel.org" <jlayton@...nel.org>,
"amir73il@...il.com" <amir73il@...il.com>,
"linux-nfs@...r.kernel.org" <linux-nfs@...r.kernel.org>
Subject: Re: [PATCH RFC v2] fhandle: expose u64 mount id to
name_to_handle_at(2)
On Wed, May 29, 2024 at 09:25:49AM +1000, Dave Chinner wrote:
> But no-one has bothered to reply or acknowledge my comments so I'll
> point them out again and repeat: Filehandles generated by
> the kernel for unprivileged use *must* be self describing and self
> validating as the kernel must be able to detect and prevent
> unprivelged users from generating custom filehandles that can be
> used to access files outside the restricted scope of their
> container.
We must not generate file handle for unprivileged use at all, as they
bypass all the path based access controls.
Powered by blists - more mailing lists