From: Neil Brown <neilb@suse.de>
To: Greg Freemyer <greg.freemyer@gmail.com>
Cc: Olaf van der Spek <olafvdspek@gmail.com>,
Christian Stroetmann <stroetmann@ontolinux.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
linux-ext4@vger.kernel.org, "Ted Ts'o" <tytso@mit.edu>,
Nick Piggin <npiggin@gmail.com>
Subject: Re: Atomic non-durable file write API
Date: Wed, 29 Dec 2010 09:35:38 +1100 [thread overview]
Message-ID: <20101229093538.5a082e02@notabene.brown> (raw)
In-Reply-To: <AANLkTinJVJM0Gb2osYQeTUetuVTkJYyXfQR0fkmwS_Pg@mail.gmail.com>
On Tue, 28 Dec 2010 17:15:57 -0500 Greg Freemyer <greg.freemyer@gmail.com>
wrote:
> On Tue, Dec 28, 2010 at 5:06 PM, Olaf van der Spek <olafvdspek@gmail.com> wrote:
> > On Tue, Dec 28, 2010 at 11:00 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
> >> create temp file
> >> write out new data
> >> delete old file
> >> rename temp file to primary name
> >> ===
> >>
> >> If so there is still a little window of vulnerability where the whole
> >> file can be lost. (Or at least only the temp file is present).
> >
> > Delete isn't used, rename will overwrite the old file. So it's safe.
> > Meta-data is probably lost, file owner is certainly lost.
> >
> > Olaf
>
> So ACLs are lost?
>
> That seems like a potentially bigger issue than loosing the owner/group info.
>
> And I assume if the owner changes, then the new owner has privileges
> to modify ACLs he didn't have previously.
>
> So if I want to instigate a simple denial of service in a multi-user
> environment, I edit a few key docs that I have privileges to edit. By
> doing so I take ownership. As owner I change the permissions and
> ACLs so that no one but me can access them.
>
> Seems like a security hole to me.
Giving someone you don't trust uncontrolled write access to something you
value has always been a security issue - long before ACLs or editors or
computers.
NeilBrown
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-12-28 22:35 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-29 12:37 Atomic non-durable file write API Olaf van der Spek
2010-12-01 10:27 ` Olaf van der Spek
2010-12-06 16:45 ` Olaf van der Spek
2010-12-06 17:03 ` Randy Dunlap
2010-12-09 12:03 ` Olaf van der Spek
2010-12-16 12:22 ` Olaf van der Spek
2010-12-16 20:11 ` Ric Wheeler
2010-12-18 22:15 ` Calvin Walton
2010-12-19 16:39 ` Olaf van der Spek
2010-12-23 15:49 ` Olaf van der Spek
2010-12-23 21:51 ` Neil Brown
2010-12-23 22:22 ` Ted Ts'o
2010-12-24 0:30 ` Christian Stroetmann
2010-12-24 0:48 ` Ted Ts'o
2010-12-24 1:00 ` Christian Stroetmann
2010-12-24 9:51 ` Ted Ts'o
2010-12-24 11:14 ` Olaf van der Spek
2010-12-24 11:25 ` Christian Stroetmann
2010-12-25 3:15 ` Ted Ts'o
2010-12-25 10:41 ` Olaf van der Spek
2010-12-25 11:33 ` Nick Piggin
2010-12-25 15:24 ` Olaf van der Spek
2010-12-25 17:25 ` Nick Piggin
2010-12-26 15:08 ` Olaf van der Spek
2010-12-26 15:55 ` Boaz Harrosh
2010-12-26 16:02 ` Olaf van der Spek
2010-12-26 16:27 ` Boaz Harrosh
2010-12-26 18:26 ` Olaf van der Spek
2010-12-26 16:43 ` Nick Piggin
2010-12-26 18:51 ` Olaf van der Spek
2010-12-26 22:10 ` Ted Ts'o
2010-12-27 0:30 ` Christian Stroetmann
2010-12-27 1:04 ` Ted Ts'o
2010-12-27 1:30 ` Christian Stroetmann
2010-12-27 2:53 ` Ted Ts'o
2010-12-27 10:21 ` Olaf van der Spek
2010-12-27 11:07 ` Marco Stornelli
2010-12-27 15:30 ` Christian Stroetmann
2010-12-27 19:07 ` Olaf van der Spek
2010-12-27 19:30 ` Christian Stroetmann
2010-12-28 17:22 ` Olaf van der Spek
2010-12-28 20:59 ` Neil Brown
2010-12-28 22:00 ` Greg Freemyer
2010-12-28 22:06 ` Olaf van der Spek
2010-12-28 22:15 ` Greg Freemyer
2010-12-28 22:28 ` Olaf van der Spek
2010-12-28 22:35 ` Neil Brown [this message]
2010-12-29 11:05 ` Dave Chinner
2010-12-28 22:10 ` Olaf van der Spek
2010-12-28 22:31 ` Neil Brown
2010-12-28 22:54 ` Olaf van der Spek
2010-12-28 23:42 ` Ted Ts'o
2010-12-29 9:09 ` Olaf van der Spek
2010-12-29 15:30 ` Christian Stroetmann
2010-12-29 15:41 ` Olaf van der Spek
2010-12-29 16:30 ` Christian Stroetmann
2010-12-29 17:14 ` Olaf van der Spek
2010-12-30 0:50 ` Neil Brown
2011-01-07 14:23 ` Olaf van der Spek
2010-12-27 4:12 ` Nick Piggin
2010-12-27 11:48 ` Olaf van der Spek
2010-12-27 12:43 ` Olaf van der Spek
2010-12-28 0:45 ` Ted Ts'o
2010-12-24 11:21 ` Christian Stroetmann
2010-12-24 11:17 ` Olaf van der Spek
2010-12-24 11:29 ` Christian Stroetmann
2010-12-24 11:30 ` Olaf van der Spek
2010-12-25 21:40 ` Neil Brown
2010-12-23 22:43 ` Dave Chinner
2010-12-23 22:47 ` Ted Ts'o
2010-12-26 9:59 ` Amir Goldstein
2010-12-26 15:23 ` Olaf van der Spek
2010-12-26 16:52 ` Nick Piggin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101229093538.5a082e02@notabene.brown \
--to=neilb@suse.de \
--cc=greg.freemyer@gmail.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=npiggin@gmail.com \
--cc=olafvdspek@gmail.com \
--cc=stroetmann@ontolinux.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.