Re: Can the VFS layer rely on i_uid

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Al Viro <viro@ZenIV.linux.org.uk>
To: Andy Whitcroft <apw@canonical.com>
Cc: linux-fsdevel@vger.kernel.org, Kees Cook <kees@ubuntu.com>
Subject: Re: Can the VFS layer rely on i_uid
Date: Mon, 5 Mar 2012 13:26:43 +0000	[thread overview]
Message-ID: <20120305132642.GL23916@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20120305121239.GB9978@shadowen.org>

On Mon, Mar 05, 2012 at 12:12:39PM +0000, Andy Whitcroft wrote:

> When an inode does not provide a permissions() op generic permissions
> checks are used and these assume that i_mode, i_uid, and i_gid are
> all populated, using them directly to perform these checks.  When a
> permissions() op is provided obviously this code is not used.  What is not
> so clear to me is whether there is still an assumption or requirement that
> these are populated in this case.  My gut feeling is that if you have a
> permissions() op then there is no obligation to use these fields at all,
> indeed it seems entirely reasonable that your permission model not map
> sensibly onto such permissions.

Not quite...  Ideally, yes, we'd want to have ->i_uid used only by fs-specific
code and helpers used by that fs (including those that are implicit defaults).
And BTW, you proposal to have non-trivial differences in behaviour of code
based on whether ->permission() (and ->getattr()) is NULL is an atrocity -
this kind of layering violations is wrong and brittle, so please abstain from
that.  In practice we have enough places where uid/gid is used directly
to make setting them practically a requirement - places like /proc/<pid>/
can get away with not doing that, but only because shitloads of syscalls
are not allowed on those anyway, permissions or no permissions.  In anything
general-purpose you really need to set it.

next prev parent reply	other threads:[~2012-03-05 13:26 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-05 12:12 Can the VFS layer rely on i_uid Andy Whitcroft
2012-03-05 13:26 ` Al Viro [this message]
2012-03-05 13:48   ` Andy Whitcroft
2012-03-05 15:37     ` Szeredi Miklos
2012-03-12  6:40       ` Tetsuo Handa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120305132642.GL23916@ZenIV.linux.org.uk \
    --to=viro@zeniv.linux.org.uk \
    --cc=apw@canonical.com \
    --cc=kees@ubuntu.com \
    --cc=linux-fsdevel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.