From: Duncan <1i5t5.duncan@cox.net>
To: linux-btrfs@vger.kernel.org
Subject: Re: subvols and parents - how?
Date: Wed, 9 Dec 2015 11:26:52 +0000 (UTC) [thread overview]
Message-ID: <pan$eafa8$b5da4379$31bc32b1$5bc4c9a0@cox.net> (raw)
In-Reply-To: 1449635882.20578.2.camel@scientia.net
Christoph Anton Mitterer posted on Wed, 09 Dec 2015 05:38:02 +0100 as
excerpted:
> On Fri, 2015-11-27 at 02:02 +0000, Duncan wrote:
>> Consider a setuid-root binary with a recently publicized but patched on
>> your system vuln. But if you have root snapshots from before the patch
>> and those snapshots are nested below root, then they're always
>> accessible. If the path to the vulnerable setuid is as user accessible
>> as it likely was in its original location, then anyone with login
>> access to the system is likely to be able to run it from the
>> snapshot... and will be able to get root due to the vuln.
>
> Hmm good point... I think it would be great if you could add that
> scenario somewhere to the documentation. :-)
FWIW, I (personally, not sure if that "you" was singular or plural) am
much more comfortable on the lists than on wikis, which I tend to treat
much as I did printed encyclopedias back in the day -- as great
references, but read-only from my perspective. So while I know they can
be edited in theory, I just don't tend to get around to it, and don't
believe I've ever even gotten a wiki login, on /any/ wiki, let alone the
btrfs wiki. But as you've likely noticed, I do find them great
references to read and to post links to. =:^)
So while I'm not opposed in principle to editing the wiki, in practice
I'm never going to do it. I'll reply here with the info, and if it gets
to the wiki, it's almost certainly because someone else posted it there,
based on my post here, or not.
> Based on that one can easily think about more/similar examples... device
> file that had too permissive modes set, and where snapshotted like
> that... and so on.
Exactly...
> I think that's another example why it would be nice if btrfs had
> something (per subvolume) like ext4's default mount options (I mean the
> ones stored in the superblock).
>
> Not only would it allow the userland tools to do things like "adding
> notatime" [...] it would also allow to set things like nodev, noexec,
> nosuid and that like on subvols... and again it would make the whole
> thing practically usable with nested subvols.
>
> Where would be the appropriate place to record that as a feature
> request?
> Simply here on the list?
While the appropriate place would be on the wiki, where there's a page
for that (here, the request is likely to be lost to history, while on the
wiki it's in a nice list that both devs and other requesters can look at,
a year, five years, a decade... into the future), in this case...
There's already a framework for it and a limited implementation, tho only
a small subset of possible options are yet available. The UI exposure is
as btrfs property (see the btrfs-property manpage), with the properties,
in general, implemented as extented attributes.
You can browse what's currently available, but as I said, it's pretty
limited ATM, pretty much just enough to prove the concept and serve as a
placeholder for more to be added, later.
Of course other informational and sometimes configurable bits are exposed
in the developing btrfs sysfs tree, which is where most of the work of
that sort has been focused recently. But it too is somewhat immature and
developing, tho at this point it seems to be further along than
properties, partly because btrfs' own tools are using it at times.
Basically, both properties and the sysfs interface demonstrate btrfs'
status as stabilizING and maturING, as that sort of thing really can't be
implemented until the basics have settled down far enough to form a
stable reference point, but not yet fully stable or mature, as both
interfaces are as yet not fully developed, with more to be added.
But in both cases there's enough there to browse and get a reasonable
idea how things are being exposed and how they'll work once they are. =:^)
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
next prev parent reply other threads:[~2015-12-09 11:27 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-24 4:56 subvols and parents - how? Christoph Anton Mitterer
2015-11-24 8:29 ` Duncan
2015-11-24 21:25 ` Christoph Anton Mitterer
2015-11-24 21:55 ` Hugo Mills
2015-11-24 23:20 ` Christoph Anton Mitterer
2015-11-24 23:30 ` Hugo Mills
2015-11-24 23:38 ` Christoph Anton Mitterer
2015-11-27 1:02 ` Duncan
2015-12-09 4:36 ` Christoph Anton Mitterer
2015-12-09 10:53 ` Duncan
2015-12-09 19:04 ` Austin S Hemmelgarn
2015-12-10 3:56 ` Duncan
2015-12-10 12:31 ` Austin S Hemmelgarn
2015-12-12 19:58 ` Christoph Anton Mitterer
2015-11-27 2:02 ` Duncan
2015-12-09 4:38 ` Christoph Anton Mitterer
2015-12-09 11:26 ` Duncan [this message]
2015-12-10 21:13 ` subvols, ro- and bind mounts " Christoph Anton Mitterer
2015-12-10 22:36 ` S.J.
2015-12-10 23:41 ` Christoph Anton Mitterer
2015-12-11 2:32 ` Chris Murphy
2015-12-12 20:27 ` Christoph Anton Mitterer
2015-12-12 2:32 ` subvols and parents " Christoph Anton Mitterer
2015-12-12 3:07 ` Christoph Anton Mitterer
2015-12-12 10:20 ` Duncan
2015-12-09 14:49 ` Axel Burri
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='pan$eafa8$b5da4379$31bc32b1$5bc4c9a0@cox.net' \
--to=1i5t5.duncan@cox.net \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.