Re: noacl and nouser_xattr

[Eric Sandeen <sandeen@redhat.com>]

On 11/18/13, 8:26 AM, Paul FM wrote:
> 
> Yes - I need noacl and nouser_xattr
> 
> How about documenting your intent to remove them in the man pages.
> 
> acl support and user_xattr support need to be off on the / and /usr
> filesystems to simplify security. Actually I want a way to turn off
> ALL extended attribute support on any filesystem.  How about noxattr
> (which would turn off ALL extended attribute support including acls).
> I also use nosuid on filesystems that shouldn't have any suid files.
> 
> This is to follow the security principal - "If you aren't using it
> and don't need it - turn it off".

FWIW, it still can be disabled at build time via CONFIG_EXT3_FS_POSIX_ACL

But if you are using a distro kernel that turns that on, I see
your point about noacl.

However, I'm not sure how nouser_xattr comes into the argument?
xattrs by themselves are just metadata; they don't impact security
control unless they are a special kind of xattrs (i.e. acls).

Thanks,
-Eric

> The simple Posix/Unix permissions are more than enough security
> control in almost every situation I have run into (only wish I could
> use them in Windows).
> 
> Having worked extensively with ACLS on Windows (and some older Main
> Frame OSes) - I note that ACL's add a level of complexity to security
> that actually makes for less security.  I see the need to support
> them in Unix/Linux - but they should be OFF unless someone
> specifically wants to use them (at least don't make them hard to turn
> off).
> 
> Just try auditing the security of a windows filesystem if you don't
> think ACL's add extreme complexity (I gave up - I just forcibily set
> all the ACL's myself by script using the unix Owner,Group,Other
> concepts as a model to simplify what I am setting).
> 
> 
> 
>