Ar Mer, 2006-10-25 am 11:14 +0100, ysgrifennodd David Howells:
> Currently, CacheFiles temporarily changes fsuid and fsgid to 0 whilst doing its
> own pathwalk through the cache and whilst creating files and directories in the
> cache. This allows it to deal with DAC security directly. All the directories
> it creates are given permissions mask 0700 and all files 0000.
That seems sensible and fine. It is precisely why we added a separate
fsuid in the first place so that the user space nfsd could take on an fs
identity without breaking signal and other security based forms.
> (1) Do all the cache operations in their own thread (sort of like knfsd).
Slow it down to keep Christoph happy seems iffy
> (2) Add further security ops for the caching code to call. These might be of
> use elsewhere in the kernel. These would set cache-specific security
> labels and check for them.
I can see good arguments for this in some cases where you want strict
divisons in extremely secure computing cases but not usually.
> Thoughts anyone?
I'd like to know more about why Christoph is objecting, whether he has
actual real world examples of races/problems it introduces by altering
fsuid or what his concern is.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
