linux-kernel.vger.kernel.org archive mirror
From: Christoph Hellwig <hch@infradead.org>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Christoph Hellwig <hch@infradead.org>,
	Andreas Gruenbacher <agruenba@redhat.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	linux-nfs@vger.kernel.org, "Theodore Ts'o" <tytso@mit.edu>,
	linux-cifs@vger.kernel.org, linux-api@vger.kernel.org,
	Trond Myklebust <trond.myklebust@primarydata.com>,
	linux-kernel@vger.kernel.org, xfs@oss.sgi.com,
	Andreas Dilger <adilger.kernel@dilger.ca>,
	linux-fsdevel@vger.kernel.org,
	Jeff Layton <jlayton@poochiereds.net>,
	linux-ext4@vger.kernel.org,
	Anna Schumaker <anna.schumaker@netapp.com>
Subject: Re: [PATCH v18 19/22] richacl: Add richacl xattr handler
Date: Mon, 21 Mar 2016 09:09:22 -0700
Message-ID: <20160321160922.GA18734@infradead.org>
In-Reply-To: <20160315210526.GC3658@fieldses.org>

On Tue, Mar 15, 2016 at 05:05:26PM -0400, J. Bruce Fields wrote:
> > That people get confused between the attr used by the xattr syscall
> > interface and the attr used to store things on disk or the protocol.
> > This has happened every time we have non-native support, e.g. XFS, NFS,
> > CIFS, ntfs, etc.  And it's only going to become worse.
> 
> How has that confusion caused problems in practice?

We had all kinds of bugs in this area that were only slowly uncovered.
We also had all kinds of privilege escalations with (non-ACL) xattrs
as people never grasped the way different free-form namespaces have
different permission checking.
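
The per-namespace permission rules referred to above, as an added example that is not part of the original message and is not kernel code: a simplified userspace model of the generic checks documented in xattr(7). All type and function names are hypothetical, the sample caller is constructed, and the immutable/append-only checks are left out.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model types; every name in this block is hypothetical. */
enum ftype { F_REG, F_DIR, F_SYMLINK };
struct file { enum ftype type; bool sticky; };
struct caller { bool cap_sys_admin, owner_or_fowner, mode_allows; };

static bool in_ns(const char *name, const char *prefix)
{
    return strncmp(name, prefix, strlen(prefix)) == 0;
}

/* Returns 0 when the generic layer lets the request through, else -errno. */
int xattr_ns_check(struct file f, const char *name, bool wr, struct caller c)
{
    /* security.* and system.*: no generic check at all. The LSM or the
     * per-attribute handler (an ACL handler, say) has to enforce policy. */
    if (in_ns(name, "security.") || in_ns(name, "system."))
        return 0;
    /* trusted.*: CAP_SYS_ADMIN only; file mode bits are irrelevant. */
    if (in_ns(name, "trusted."))
        return c.cap_sys_admin ? 0 : (wr ? -EPERM : -ENODATA);
    if (in_ns(name, "user.")) {
        /* user.*: regular files and directories only. */
        if (f.type != F_REG && f.type != F_DIR)
            return wr ? -EPERM : -ENODATA;
        /* Sticky directory: writes need the owner or CAP_FOWNER. */
        if (f.type == F_DIR && f.sticky && wr && !c.owner_or_fowner)
            return -EPERM;
        /* Otherwise the ordinary file mode bits decide. */
        return c.mode_allows ? 0 : -EACCES;
    }
    return -EOPNOTSUPP; /* model choice for an unknown namespace */
}

/* Constructed sample: unprivileged non-owner whose mode bits grant access. */
const struct caller unpriv = { false, false, true };

int main(void)
{
    struct file tmp = { F_DIR, true }, reg = { F_REG, false };
    printf("user.x write, sticky dir: %d\n", xattr_ns_check(tmp, "user.x", true, unpriv));
    printf("trusted.x read:           %d\n", xattr_ns_check(reg, "trusted.x", false, unpriv));
    printf("system.posix_acl_access write: %d\n",
           xattr_ns_check(reg, "system.posix_acl_access", true, unpriv));
    return 0;
}
```

The `0` returned for `system.*` and `security.*` is the case to watch: nothing generic stands in front of those handlers, so each one must carry its own ownership or capability check.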
