From: Pavel Machek <pavel@suse.cz>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: mj@ucw.cz, lmb@suse.de, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] private mounts
Date: Thu, 28 Apr 2005 15:08:19 +0200 [thread overview]
Message-ID: <20050428130819.GF2226@openzaurus.ucw.cz> (raw)
In-Reply-To: <E1DQquc-0002W6-00@dorka.pomaz.szeredi.hu>
Hi!
> > > Is it possible to limit all these from kernelspace? Probably yes,
> > > although a timeout for operations is something that cuts either way.
> > > And the compexity of these checks would probably be orders of
> > > magnitude higher then the check we are currently discussing.
> >
> > Yes ... but does the check we are discussing really solve the
> > problem?
> >
> > Let's say that you attempt to export home directories of users by a
> > user-space NFS daemon. This daemon probably changes its fsuid to
> > match the remote user, so the check happily accepts the access and
> > the user is able to lock up the daemon.
>
> Valid point. The only defense is that when a program set's fsuid,
> it's performing the operation "on behalf of the user". So the user is
> actually doing DoS against himself.
>
> Of course this is not strictly true. E.g. in the userspace NFS case
> it's probably a DoS against all users of the mount.
Exactly. So can we simply merge root-only fuse, and then worry
how to make it safe with user-mounted fuse. See your own unfsd example
why user-mounting is bad.
One possible solution would be to have root-owned fused that
talks to user-owned fused-s and checks they are behaving correctly?
Second is somehow improving those two lines this long thread is all about...
Pavel
--
64 bytes from 195.113.31.123: icmp_seq=28 ttl=51 time=448769.1 ms
next prev parent reply other threads:[~2005-04-28 18:11 UTC|newest]
Thread overview: 147+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <3WVU1-2GE-7@gated-at.bofh.it>
[not found] ` <3WWn1-2ZC-5@gated-at.bofh.it>
[not found] ` <3WWn1-2ZC-3@gated-at.bofh.it>
[not found] ` <3WWwR-3hT-35@gated-at.bofh.it>
[not found] ` <3WWwU-3hT-49@gated-at.bofh.it>
[not found] ` <3WWGj-3nm-3@gated-at.bofh.it>
[not found] ` <3WWQ9-3uA-15@gated-at.bofh.it>
[not found] ` <3WWZG-3AC-7@gated-at.bofh.it>
[not found] ` <3X630-2qD-21@gated-at.bofh.it>
[not found] ` <3X8HA-4IH-15@gated-at.bofh.it>
[not found] ` <3Xagd-5Wb-1@gated-at.bofh.it>
2005-04-25 15:17 ` [PATCH] private mounts Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-04-25 16:18 ` Ram
2005-04-25 19:10 ` Jamie Lokier
2005-04-26 9:16 ` Miklos Szeredi
2005-04-26 9:19 ` Christoph Hellwig
2005-04-26 9:22 ` Miklos Szeredi
2005-04-26 9:36 ` Christoph Hellwig
2005-04-26 9:41 ` Miklos Szeredi
2005-04-26 9:47 ` Christoph Hellwig
2005-04-26 9:53 ` Miklos Szeredi
2005-04-26 9:56 ` Christoph Hellwig
2005-04-26 10:01 ` Miklos Szeredi
2005-04-26 10:09 ` Christoph Hellwig
2005-04-26 12:08 ` Miklos Szeredi
2005-04-26 10:02 ` Christoph Hellwig
2005-04-26 13:19 ` Pavel Machek
2005-04-26 13:28 ` Miklos Szeredi
2005-04-26 20:14 ` Pavel Machek
2005-04-27 8:49 ` Miklos Szeredi
2005-04-27 9:24 ` Pavel Machek
2005-04-27 10:42 ` Miklos Szeredi
2005-04-27 11:57 ` Jan Hudec
2005-04-27 12:23 ` Miklos Szeredi
2005-04-27 12:39 ` Jan Hudec
2005-04-27 13:22 ` Miklos Szeredi
2005-04-27 14:40 ` Jamie Lokier
2005-04-27 14:58 ` Pavel Machek
2005-04-27 23:21 ` Trond Myklebust
2005-04-28 8:24 ` Pavel Machek
2005-04-28 8:28 ` Miklos Szeredi
2005-04-28 11:35 ` Trond Myklebust
2005-04-28 17:58 ` Bryan Henderson
2005-04-28 19:46 ` Trond Myklebust
2005-04-28 22:38 ` Bryan Henderson
2005-04-29 0:35 ` Trond Myklebust
2005-04-27 14:31 ` Jamie Lokier
2005-04-27 14:46 ` Miklos Szeredi
2005-04-27 14:55 ` Miklos Szeredi
2005-04-27 15:33 ` Martin Mares
2005-04-27 15:50 ` Lars Marowsky-Bree
2005-04-27 16:46 ` Martin Mares
2005-04-27 17:38 ` Miklos Szeredi
2005-04-27 17:54 ` Martin Mares
2005-04-27 18:05 ` Miklos Szeredi
2005-04-27 18:25 ` Martin Mares
2005-04-27 18:42 ` Miklos Szeredi
2005-04-28 13:08 ` Pavel Machek [this message]
2005-04-28 19:41 ` Miklos Szeredi
2005-04-28 20:21 ` Pavel Machek
2005-04-27 17:33 ` Miklos Szeredi
2005-04-27 17:39 ` Ram
2005-04-27 17:47 ` Miklos Szeredi
2005-04-27 17:55 ` Ram
2005-04-27 18:09 ` Miklos Szeredi
2005-04-27 19:40 ` Ram
2005-04-27 20:03 ` Miklos Szeredi
2005-04-27 21:38 ` Ram
2005-04-28 7:00 ` Miklos Szeredi
2005-04-28 19:30 ` Ram
2005-04-27 20:55 ` Bill Davidsen
2005-04-28 7:24 ` Miklos Szeredi
[not found] ` <20050427174641.GZ4431@marowsky-bree.de>
2005-04-27 17:52 ` Miklos Szeredi
2005-04-26 10:00 ` Andrew Morton
2005-04-26 10:04 ` Christoph Hellwig
2005-04-26 10:14 ` Andrew Morton
2005-04-26 10:38 ` Christoph Hellwig
2005-04-26 13:05 ` Eric Van Hensbergen
2005-04-26 14:14 ` Miklos Szeredi
2005-04-26 15:01 ` Eric Van Hensbergen
2005-04-26 18:55 ` Bryan Henderson
2005-04-26 9:30 ` Martin Mares
2005-04-25 19:02 ` Bryan Henderson
2005-04-26 8:58 ` Jan Hudec
2005-04-26 11:48 ` Bodo Eggert
2005-04-26 17:10 ` Bryan Henderson
2005-04-26 20:08 ` Bodo Eggert
2005-04-26 22:07 ` Bryan Henderson
2005-04-27 8:18 ` Bodo Eggert
2005-04-25 19:03 ` Jamie Lokier
2005-04-26 9:05 ` Jan Hudec
2005-04-26 11:46 ` Bodo Eggert
2005-05-10 18:28 Nir Tzachar
2005-05-10 19:15 ` Jan Hudec
-- strict thread matches above, loose matches on Subject: below --
2005-04-24 20:08 Miklos Szeredi
2005-04-24 20:13 ` Al Viro
2005-04-24 20:45 ` Miklos Szeredi
2005-04-24 20:18 ` Christoph Hellwig
2005-04-24 20:50 ` Miklos Szeredi
2005-04-24 20:54 ` Al Viro
2005-04-24 20:59 ` Miklos Szeredi
2005-04-24 21:06 ` Al Viro
2005-04-24 21:15 ` Miklos Szeredi
2005-04-24 21:19 ` Al Viro
2005-04-24 21:29 ` Miklos Szeredi
2005-04-24 21:39 ` Jamie Lokier
2005-04-25 7:10 ` Jan Hudec
2005-04-25 9:58 ` Miklos Szeredi
2005-04-25 11:45 ` Jan Hudec
2005-04-30 8:35 ` Christoph Hellwig
2005-04-30 9:25 ` Miklos Szeredi
2005-04-30 9:42 ` Jamie Lokier
2005-04-30 10:14 ` Miklos Szeredi
2005-04-30 14:36 ` Jamie Lokier
2005-04-30 15:59 ` Miklos Szeredi
2005-04-30 16:42 ` Jamie Lokier
2005-04-30 17:07 ` Miklos Szeredi
2005-04-30 18:20 ` Olivier Galibert
2005-04-30 23:58 ` Jamie Lokier
2005-05-01 2:39 ` Ram
2005-04-30 23:54 ` Jamie Lokier
2005-05-01 5:56 ` Miklos Szeredi
2005-05-01 6:39 ` Miklos Szeredi
2005-05-01 15:41 ` Eric Van Hensbergen
2005-05-11 9:00 ` Christoph Hellwig
2005-05-11 10:42 ` Miklos Szeredi
2005-04-24 21:43 ` Jamie Lokier
2005-04-25 7:14 ` Jan Hudec
2005-04-27 9:14 ` Helge Hafting
2005-04-25 9:48 ` Olivier Galibert
2005-04-25 16:37 ` Tim Hockin
2005-04-30 8:37 ` Christoph Hellwig
2005-04-25 21:09 ` Bryan Henderson
2005-04-24 21:38 ` Jamie Lokier
2005-04-24 22:20 ` Ram
2005-04-24 22:22 ` Jamie Lokier
2005-04-25 6:00 ` Miklos Szeredi
2005-04-25 6:41 ` Ram
2005-04-25 9:55 ` Miklos Szeredi
2005-04-25 7:22 ` Jan Hudec
2005-04-25 10:08 ` Miklos Szeredi
2005-04-25 15:20 ` Pavel Machek
2005-04-25 19:07 ` Jamie Lokier
2005-04-26 9:29 ` Pavel Machek
2005-04-26 14:07 ` Jamie Lokier
2005-04-28 13:28 ` Eric Van Hensbergen
2005-04-28 19:22 ` Jamie Lokier
2005-04-28 13:47 ` Eric Van Hensbergen
2005-04-28 19:20 ` Jamie Lokier
2005-04-28 19:39 ` Ram
2005-04-28 22:08 ` Jamie Lokier
2005-04-29 7:57 ` Ram
2005-04-29 14:13 ` Miklos Szeredi
2005-04-29 14:42 ` Jamie Lokier
2005-04-30 8:33 ` Christoph Hellwig
2005-04-30 16:47 ` Ram
2005-04-24 21:06 ` Christoph Hellwig
2005-04-24 21:12 ` Jamie Lokier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050428130819.GF2226@openzaurus.ucw.cz \
--to=pavel@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lmb@suse.de \
--cc=miklos@szeredi.hu \
--cc=mj@ucw.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).