From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02C79C11F66 for ; Wed, 30 Jun 2021 19:59:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D00AC61461 for ; Wed, 30 Jun 2021 19:59:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234012AbhF3UCW (ORCPT ); Wed, 30 Jun 2021 16:02:22 -0400 Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:35779 "EHLO outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S233693AbhF3UCU (ORCPT ); Wed, 30 Jun 2021 16:02:20 -0400 Received: from cwcc.thunk.org (pool-72-74-133-215.bstnma.fios.verizon.net [72.74.133.215]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 15UJxfAp014915 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 30 Jun 2021 15:59:42 -0400 Received: by cwcc.thunk.org (Postfix, from userid 15806) id 7001C15C3C8E; Wed, 30 Jun 2021 15:59:41 -0400 (EDT) Date: Wed, 30 Jun 2021 15:59:41 -0400 From: "Theodore Ts'o" To: "Dr. David Alan Gilbert" Cc: Daniel Walsh , Vivek Goyal , Casey Schaufler , "Schaufler, Casey" , "linux-fsdevel@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "viro@zeniv.linux.org.uk" , "virtio-fs@redhat.com" , "berrange@redhat.com" , linux-security-module , "selinux@vger.kernel.org" Subject: Re: [RFC PATCH 0/1] xattr: Allow user.* xattr on symlink/special files if caller has CAP_SYS_RESOURCE Message-ID: References: <20210629152007.GC5231@redhat.com> <78663f5c-d2fd-747a-48e3-0c5fd8b40332@schaufler-ca.com> <20210629173530.GD5231@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 30, 2021 at 04:01:42PM +0100, Dr. David Alan Gilbert wrote: > > Even if you fix symlinks, I don't think it fixes device nodes or > anything else where the permissions bitmap isn't purely used as the > permissions on the inode. I think we're making a mountain out of a molehill. Again, very few people are using quota these days. And if you give someone write access to a 8TB disk, do you really care if they can "steal" 32k worth of space (which is the maximum size of an xattr, enforced by the VFS). OK, but what about character mode devices? First of all, most users don't have access to huge number of devices, but let's assume something absurd. Let's say that a user has write access to *1024* devices. (My /dev has 233 character mode devices, and I have write access to well under a dozen.) An 8TB disk costs about $200. So how much of the "stolen" quota space are we talking about, assuming the user has access to 1024 devices, and the file system actually supports a 32k xattr. 32k * 1024 * $200 / 8TB / (1024*1024*1024) = $0.000763 = 0.0763 cents A 2TB SSD is less around $180, so even if we calculate the prices based on SSD space, we're still talking about a quarter of a penny. Why are we worrying about this? - Ted From mboxrd@z Thu Jan 1 00:00:00 1970 Date: Wed, 30 Jun 2021 15:59:41 -0400 From: "Theodore Ts'o" Message-ID: References: <20210629152007.GC5231@redhat.com> <78663f5c-d2fd-747a-48e3-0c5fd8b40332@schaufler-ca.com> <20210629173530.GD5231@redhat.com> MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: Re: [Virtio-fs] [RFC PATCH 0/1] xattr: Allow user.* xattr on symlink/special files if caller has CAP_SYS_RESOURCE List-Id: Development discussions about virtio-fs List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Dr. David Alan Gilbert" Cc: "berrange@redhat.com" , "selinux@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "virtio-fs@redhat.com" , "Schaufler, Casey" , linux-security-module , "viro@zeniv.linux.org.uk" , Casey Schaufler , "linux-fsdevel@vger.kernel.org" , Vivek Goyal On Wed, Jun 30, 2021 at 04:01:42PM +0100, Dr. David Alan Gilbert wrote: > > Even if you fix symlinks, I don't think it fixes device nodes or > anything else where the permissions bitmap isn't purely used as the > permissions on the inode. I think we're making a mountain out of a molehill. Again, very few people are using quota these days. And if you give someone write access to a 8TB disk, do you really care if they can "steal" 32k worth of space (which is the maximum size of an xattr, enforced by the VFS). OK, but what about character mode devices? First of all, most users don't have access to huge number of devices, but let's assume something absurd. Let's say that a user has write access to *1024* devices. (My /dev has 233 character mode devices, and I have write access to well under a dozen.) An 8TB disk costs about $200. So how much of the "stolen" quota space are we talking about, assuming the user has access to 1024 devices, and the file system actually supports a 32k xattr. 32k * 1024 * $200 / 8TB / (1024*1024*1024) = $0.000763 = 0.0763 cents A 2TB SSD is less around $180, so even if we calculate the prices based on SSD space, we're still talking about a quarter of a penny. Why are we worrying about this? - Ted