From: "J. Bruce Fields" <bfields-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
To: Pavel Shilovsky <piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org>
Cc: Christoph Hellwig <hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
wine-devel-5vRYHf7vrtgdnm+yROfE0A@public.gmane.org,
linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 0/3] Add O_DENY* flags to fcntl and cifs
Date: Mon, 10 Dec 2012 11:41:16 -0500 [thread overview]
Message-ID: <20121210164116.GC13327@fieldses.org> (raw)
In-Reply-To: <495d17310e0a687d446afc86def0f058-Gr3b2bv8/haq3CaADJ+gRi8mxiWnj2XH@public.gmane.org>
On Sat, Dec 08, 2012 at 12:43:14AM +0400, Pavel Shilovsky wrote:
> The problem is the possibility of denial-of-service attacks here. We
> can try to prevent them by:
> 1) specifying an extra security bit on the file that indicates that
> share flags are accepted (like we have for mandatory locks now) and
> setting it for neccessary files only, or
> 2) adding a special mount option (but it it probably makes sense if
> we decided to add this support for CIFS and NFS only).
In the case of knfsd and samba exporting a common filesystem, you'd also
want to be able to enforce it on the exported filesystem.
--b.
WARNING: multiple messages have this Message-ID (diff)
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Pavel Shilovsky <piastry@etersoft.ru>
Cc: Christoph Hellwig <hch@infradead.org>,
linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, wine-devel@winehq.org,
linux-nfs@vger.kernel.org
Subject: Re: [PATCH 0/3] Add O_DENY* flags to fcntl and cifs
Date: Mon, 10 Dec 2012 11:41:16 -0500 [thread overview]
Message-ID: <20121210164116.GC13327@fieldses.org> (raw)
In-Reply-To: <495d17310e0a687d446afc86def0f058@office.etersoft.ru>
On Sat, Dec 08, 2012 at 12:43:14AM +0400, Pavel Shilovsky wrote:
> The problem is the possibility of denial-of-service attacks here. We
> can try to prevent them by:
> 1) specifying an extra security bit on the file that indicates that
> share flags are accepted (like we have for mandatory locks now) and
> setting it for neccessary files only, or
> 2) adding a special mount option (but it it probably makes sense if
> we decided to add this support for CIFS and NFS only).
In the case of knfsd and samba exporting a common filesystem, you'd also
want to be able to enforce it on the exported filesystem.
--b.
next prev parent reply other threads:[~2012-12-10 16:41 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-06 18:26 [PATCH 0/3] Add O_DENY* flags to fcntl and cifs Pavel Shilovsky
2012-12-06 18:26 ` Pavel Shilovsky
2012-12-06 18:26 ` [PATCH 2/3] CIFS: Add O_DENY* open flags support Pavel Shilovsky
2012-12-06 18:26 ` [PATCH 3/3] CIFS: Use NT_CREATE_ANDX command for forcemand mounts Pavel Shilovsky
[not found] ` <1354818391-7968-1-git-send-email-piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org>
2012-12-06 18:26 ` [PATCH 1/3] fcntl: Introduce new O_DENY* open flags for network filesystems Pavel Shilovsky
2012-12-06 18:26 ` Pavel Shilovsky
2012-12-06 19:49 ` [PATCH 0/3] Add O_DENY* flags to fcntl and cifs Alan Cox
2012-12-06 19:49 ` Alan Cox
2012-12-06 19:57 ` Jeremy Allison
2012-12-06 20:13 ` Jeremy Allison
2012-12-06 21:31 ` Theodore Ts'o
2012-12-06 21:31 ` Theodore Ts'o
[not found] ` <20121206213133.GB4821-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2012-12-06 21:33 ` Jeremy Allison
2012-12-06 21:33 ` Jeremy Allison
2012-12-06 21:37 ` Theodore Ts'o
2012-12-06 21:37 ` Theodore Ts'o
[not found] ` <20121206213727.GC4821-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2012-12-06 21:39 ` Jeremy Allison
2012-12-06 21:39 ` Jeremy Allison
2012-12-07 14:29 ` Steve French
2012-12-07 14:29 ` Steve French
[not found] ` <CAH2r5msoPiu7wz-HjnnqTxeBLVEQiMYSnLMaZ+dEr11j6Fo4Ew-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-12-07 14:30 ` Steve French
2012-12-07 14:30 ` Steve French
2012-12-07 16:34 ` Alan Cox
2012-12-07 16:34 ` Alan Cox
2012-12-07 9:08 ` Pavel Shilovsky
2012-12-07 9:08 ` Pavel Shilovsky
[not found] ` <CAKywueQ3d=wdq2nw5f-QS-D9PY70Axa3Cn0gi5GRk4Xso+iquA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-12-07 14:52 ` J. Bruce Fields
2012-12-07 14:52 ` J. Bruce Fields
[not found] ` <20121207145206.GF17115-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2012-12-07 15:37 ` simo
2012-12-07 15:37 ` simo
2012-12-07 16:09 ` J. Bruce Fields
2012-12-07 16:16 ` Christoph Hellwig
2012-12-07 16:16 ` Christoph Hellwig
[not found] ` <20121207161602.GA17710-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2012-12-07 20:43 ` Pavel Shilovsky
2012-12-07 20:43 ` Pavel Shilovsky
[not found] ` <495d17310e0a687d446afc86def0f058-Gr3b2bv8/haq3CaADJ+gRi8mxiWnj2XH@public.gmane.org>
2012-12-07 21:35 ` Alan Cox
2012-12-07 21:35 ` Alan Cox
2012-12-10 16:41 ` J. Bruce Fields [this message]
2012-12-10 16:41 ` J. Bruce Fields
[not found] ` <20121210164116.GC13327-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2012-12-11 13:11 ` Jeff Layton
2012-12-11 13:11 ` Jeff Layton
2012-12-07 23:55 ` Myklebust, Trond
2012-12-07 23:55 ` Myklebust, Trond
2012-12-07 23:55 ` Myklebust, Trond
2012-12-12 8:34 ` David Laight
2012-12-12 8:34 ` David Laight
[not found] ` <20121212083401.GW5010-y8aDsudeyGZKtrsfIrZdgrVCufUGDwFn@public.gmane.org>
2012-12-14 14:12 ` Pavel Shilovsky
2012-12-14 14:12 ` Pavel Shilovsky
[not found] ` <CAKywueSN++ZCNJ1zbET_axuwXd2ZujvSof9H82E3AdeZWY_BgQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-12-14 15:30 ` Alan Cox
2012-12-14 15:30 ` Alan Cox
[not found] ` <20121214153000.62af6cbc-38n7/U1jhRXW96NNrWNlrekiAK3p4hvP@public.gmane.org>
2012-12-14 19:19 ` Steve French
2012-12-14 19:19 ` Steve French
[not found] ` <CAH2r5muRyB2529EcQXFysrSDpMKe0m3JfiEc5929O6oTmG-ThQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2012-12-17 15:36 ` J. Bruce Fields
2012-12-17 15:36 ` J. Bruce Fields
-- strict thread matches above, loose matches on Subject: below --
2012-11-30 10:20 Pavel Shilovsky
2012-11-30 10:20 ` Pavel Shilovsky
[not found] ` <1354270840-7272-1-git-send-email-piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org>
2012-11-30 11:10 ` Pavel Shilovsky
2012-11-30 11:10 ` Pavel Shilovsky
2012-11-21 14:25 Pavel Shilovsky
[not found] ` <1353507930-10908-1-git-send-email-piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org>
2012-11-21 14:47 ` Pavel Shilovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121210164116.GC13327@fieldses.org \
--to=bfields-uc3wqj2krung9huczpvpmw@public.gmane.org \
--cc=hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=piastry-7qunaywFIewox3rIn2DAYQ@public.gmane.org \
--cc=wine-devel-5vRYHf7vrtgdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.