From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mike Waychison
Subject: Re: [patch 1/1] Drop CAP_SYS_RAWIO requirement for FIBMAP
Date: Thu, 25 Oct 2007 17:35:52 -0700
Message-ID: <47213668.50907@google.com>
References: <20071025230758.945535769@crlf.corp.google.com> <20071026012217.4cc30390@the-village.bc.nu>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: linux-fsdevel, Linux Kernel
To: Alan Cox
Return-path:
Received: from smtp-out.google.com ([216.239.33.17]:56156 "EHLO smtp-out.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752282AbXJZAgH (ORCPT ); Thu, 25 Oct 2007 20:36:07 -0400
In-Reply-To: <20071026012217.4cc30390@the-village.bc.nu>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

Alan Cox wrote:
> On Thu, 25 Oct 2007 16:06:40 -0700
> Mike Waychison wrote:
>
>> Remove the need for having CAP_SYS_RAWIO when doing a FIBMAP call on an open file descriptor.
>>
>> It would be nice to allow users to have permission to see where their data is landing on disk, and there really isn't a good reason to keep them from getting at this information.
>
> Historically this was done because people felt it was more secure. It
> also allows you to make some deductions about other activities on the
> disk but that's probably only a concern for very very security crazed
> compartmentalised boxes
>
> Also historically at least FIBMAP could be abused to crash the system.
> Now if you can verify that has been fixed I have no problem, but given
> that I can find no record of that being fixed it would be wise to audit
> it first and review Chris Evans and other reports about what occurs when
> FIBMAP is passed random block numbers.
>
> FIBMAP has another problem for this general use as well - it takes an int
> but the block number can now be bigger for very large files on 32bit.
>
> Alan

I found Chris's comment about negative block numbers, I'll send a patch out for that.

You mentioned back in 99 about racing with ftruncate. Is it sufficient to mutex_lock(i_mutex) and down_read(i_alloc_sem)?

Mike Waychison
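
Added example, not part of the original message and not kernel code: a user-space C check for the two argument problems raised in the thread, a block number that is negative or does not fit the int that FIBMAP takes. The names fibmap_check_block and fibmap_checked and the sample file sizes are hypothetical; the kernel-side fix discussed above is not shown.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

enum fibmap_check { FIBMAP_ARG_OK, FIBMAP_BAD_BLKSZ, FIBMAP_PAST_EOF, FIBMAP_NOT_INT };

/* Decide whether logical block index `logical` may be handed to FIBMAP,
 * whose argument is a plain int (in: logical block, out: physical block). */
enum fibmap_check fibmap_check_block(uint64_t logical, uint64_t file_size,
                                     uint32_t block_size, int *arg)
{
    if (block_size == 0)
        return FIBMAP_BAD_BLKSZ;
    /* Round up: a partial last block still occupies a block. */
    uint64_t nblocks = file_size / block_size + (file_size % block_size != 0);
    if (logical >= nblocks)
        return FIBMAP_PAST_EOF;
    if (logical > (uint64_t)INT_MAX)   /* would truncate or turn negative */
        return FIBMAP_NOT_INT;
    *arg = (int)logical;
    return FIBMAP_ARG_OK;
}

#if defined(__linux__) && defined(__has_include)
#if __has_include(<linux/fs.h>)
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <linux/fs.h>
/* Hypothetical wrapper: returns 0 and stores the physical block, else -1. */
int fibmap_checked(int fd, uint64_t logical, int *physical)
{
    struct stat st;
    int bsz, arg;
    if (fstat(fd, &st) != 0 || ioctl(fd, FIGETBSZ, &bsz) != 0 || bsz <= 0)
        return -1;
    if (fibmap_check_block(logical, (uint64_t)st.st_size, (uint32_t)bsz, &arg))
        return -1;
    if (ioctl(fd, FIBMAP, &arg) != 0 || arg < 0)
        return -1;
    *physical = arg;
    return 0;
}
#endif
#endif

int main(void)
{
    int arg = -1;
    uint64_t size = 1ULL << 44; /* constructed: 16 TiB file, 4 KiB blocks */
    printf("%d\n", (int)fibmap_check_block(10, size, 4096, &arg));
    printf("%d\n", (int)fibmap_check_block(1ULL << 31, size, 4096, &arg));
    return 0;
}
```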