From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andreas Gruenbacher <agruen@suse.de>
Subject: Re: [PATCH] backout the xattr override access checks flag
Date: Sun, 23 Feb 2003 23:16:48 +0100
Sender: linux-fsdevel-owner@vger.kernel.org
Message-ID: <200302232316.48664.agruen@suse.de>
References: <A1C30C1C0FB8D5118D810004754C0375854483@hsl-lj3x.hermes.si> <20030223193623.A21537@infradead.org>
Mime-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Cc: linux-fsdevel@vger.kernel.org, torvalds@transmeta.com,
	Andi Kleen <ak@suse.de>, Nathan Scott <nathans@sgi.com>,
	Tim Shimmin <tes@sgi.com>, Chris Mason <mason@suse.com>,
	Jeff Mahoney <jeffm@suse.com>,
	Dave Kleikamp <shaggy@us.ibm.com>,
	Steve Best <sbest@us.ibm.com>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
To: Christoph Hellwig <hch@infradead.org>,
	Luka Renko <luka.renko@hermes.si>
In-Reply-To: <20030223193623.A21537@infradead.org>
Content-Disposition: inline
List-Id: linux-fsdevel.vger.kernel.org

Hello,

On Sunday 23 February 2003 20:36, Christoph Hellwig wrote:
> On Sun, Feb 23, 2003 at 08:28:23PM +0100, Luka Renko wrote:
> > I have concerns with kernel module temporarly changing capabilities of a
> > user process, however I am not sure if this is really the problem. I was
> > thinking in terms of SMP/preempt (EA calls can/will go to sleep) and
> > considering that this might be a security problem, however since we are
> > changing it per process it should probably be OK.
>
> Right.  And we're already doing similar things, see sys_access().

Okay, this seems sufficient confirmation that it is not dangerous to 
temporarily raise capabilities in a task, so we can get rid of the 
XATTR_KERNEL_CONTEXT flag. Instead, the HSM module should raise a capability 
before invoking the xattr inode operations.

-- Andreas.