Date: Fri, 6 Oct 2017 13:09:42 +1100
From: Dave Chinner
To: "J. Bruce Fields"
Cc: Theodore Ts'o, Adam Borowski, Al Viro, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] vfs: hard-ban creating files with control characters in the name
Message-ID: <20171006020942.GS15067@dastard>

On Thu, Oct 05, 2017 at 12:16:19PM -0400, J. Bruce Fields wrote:
> This kind of restriction sounds more like a permanent feature of the
> filesystem--something you'd set at mkfs time.
>
> We already have filesystems with these kinds of restrictions, don't we?

In general, no. Filename storage is typically defined in the filesystem
on-disk formats as an opaque string of bytes - the filesystem has no
business parsing them to determine validity of the bytes. Think
encrypted filenames and the like - control characters in the on-disk
format are most definitely necessary and therefore must be legal.

> It'd seem trivial to add a "disallow weird characters on this
> superblock" flag to ext4.

It seems that way until you consider the scope of work it would
involve: to be an effective restrictive mechanism, we'd have to add it
to the on-disk format of every supported filesystem, not just ext4.
And then, because it has become part of the defined on disk format,
every userspace utility for each filesystem has to support it - mkfs,
fsck, etc. Filesystem on-disk format documentation needs to be updated.
And checking filenames for validity under this new scheme and "fixing"
them if they are invalid (i.e. corrupt) needs to be added to fsck,
online scrubbers, etc.

Then there's all the test infrastructure that is needed around this,
too, so we can ensure that every filesystem implements the exact same
semantics and behaviour.

And if it changes the way directories are formatted on disk for a
filesystem, then you've got to do non-obvious stuff like /patch grub/
so it can parse the new format from the bootloader context.

Nothing is trivial or simple when you start needing to add on-disk
features to filesystems...

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com
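
Added example, not part of the message above or of the patch under discussion: because names are stored as opaque bytes, a userspace audit can apply a name-validity policy without touching any on-disk format. The definition of "control character" (bytes 0x01-0x1f and 0x7f) and the names `control_offsets` and `audit_tree` are assumptions made for this sketch.

```python
import os
import sys

# Assumption: "control character" = ASCII C0 range (0x01-0x1f) plus DEL (0x7f).
# NUL and '/' can never appear in a name, so they need no check.
CONTROL_BYTES = frozenset(range(0x01, 0x20)) | {0x7F}


def control_offsets(name):
    """Return the byte offsets of control bytes in one raw entry name."""
    return [i for i, b in enumerate(name) if b in CONTROL_BYTES]


def audit_tree(root):
    """Walk `root` with bytes paths, so names are never decoded, and return
    (path, offsets) for every entry whose own name holds a control byte."""
    findings = []
    stack = [root]
    while stack:
        directory = stack.pop()
        try:
            with os.scandir(directory) as entries:
                for entry in entries:
                    offsets = control_offsets(entry.name)
                    if offsets:
                        findings.append((entry.path, offsets))
                    # Do not follow symlinks: stay inside the audited tree.
                    if entry.is_dir(follow_symlinks=False):
                        stack.append(entry.path)
        except OSError:
            continue  # unreadable or concurrently removed directory
    return sorted(findings)


if __name__ == "__main__":
    start = os.fsencode(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, offsets in audit_tree(start):
        # repr() escapes the raw bytes, so the report itself cannot emit
        # escape sequences or newlines to the terminal or a log file.
        print(repr(path), "control bytes at offsets", offsets)
```

The walk works on bytes end to end, which also keeps names that are not valid UTF-8 from aborting the scan.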