From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Christian Schoenebeck <qemu_oss@crudebyte.com>
Cc: "Dr. David Alan Gilbert" <dgilbert@redhat.com>,
Miklos Szeredi <miklos@szeredi.hu>,
Al Viro <viro@zeniv.linux.org.uk>,
Frank van der Linden <fllinden@amazon.com>,
Dave Chinner <david@fromorbit.com>, Greg Kurz <groug@kaod.org>,
linux-fsdevel@vger.kernel.org,
Stefan Hajnoczi <stefanha@redhat.com>,
Miklos Szeredi <mszeredi@redhat.com>,
Vivek Goyal <vgoyal@redhat.com>,
Giuseppe Scrivano <gscrivan@redhat.com>,
Daniel J Walsh <dwalsh@redhat.com>,
Chirantan Ekbote <chirantan@chromium.org>
Subject: Re: file forks vs. xattr (was: xattr names for unprivileged stacking?)
Date: Fri, 28 Aug 2020 10:46:56 -0400
Message-ID: <20200828144656.GF7180@mit.edu>
In-Reply-To: <11755866.l6z0jNX47O@silver>

On Fri, Aug 28, 2020 at 11:11:15AM +0200, Christian Schoenebeck wrote:
>
> Built-in path resolution would be nice, but it won't be a show stopper for
> such common utils if not. For instance on Solaris there is:
>
> runat <filename> <cmd> ...
>
> which works something like fchdir(); execv(); you lose some flexibility, but
> in practice still OK.

And we know from the Solaris experience that it was used *much* more
by malware authors (since most Unix security scanners didn't know
about forks) than any legitimate users.

Which is another way of saying, it's a bad idea --- unless you are a
malware author.

- Ted