From: Greg Freemyer <greg.freemyer@gmail.com>
To: Olaf van der Spek <olafvdspek@gmail.com>
Cc: Neil Brown <neilb@suse.de>,
Christian Stroetmann <stroetmann@ontolinux.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
linux-ext4@vger.kernel.org, "Ted Ts'o" <tytso@mit.edu>,
Nick Piggin <npiggin@gmail.com>
Subject: Re: Atomic non-durable file write API
Date: Tue, 28 Dec 2010 17:15:57 -0500 [thread overview]
Message-ID: <AANLkTinJVJM0Gb2osYQeTUetuVTkJYyXfQR0fkmwS_Pg@mail.gmail.com> (raw)
In-Reply-To: <AANLkTin361ZYPc7X5++E0DPZ1_Ndt5naprXeGJJJtgqy@mail.gmail.com>
On Tue, Dec 28, 2010 at 5:06 PM, Olaf van der Spek <olafvdspek@gmail.com> wrote:
> On Tue, Dec 28, 2010 at 11:00 PM, Greg Freemyer <greg.freemyer@gmail.com> wrote:
>> create temp file
>> write out new data
>> delete old file
>> rename temp file to primary name
>> ===
>>
>> If so there is still a little window of vulnerability where the whole
>> file can be lost. (Or at least only the temp file is present).
>
> Delete isn't used, rename will overwrite the old file. So it's safe.
> Meta-data is probably lost, file owner is certainly lost.
>
> Olaf
So ACLs are lost?
That seems like a potentially bigger issue than loosing the owner/group info.
And I assume if the owner changes, then the new owner has privileges
to modify ACLs he didn't have previously.
So if I want to instigate a simple denial of service in a multi-user
environment, I edit a few key docs that I have privileges to edit. By
doing so I take ownership. As owner I change the permissions and
ACLs so that no one but me can access them.
Seems like a security hole to me.
Greg
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2010-12-28 22:15 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <AANLkTing7+SK+pavFehR4AGDbRRfFwvvzNxgWQ3zRp+O@mail.gmail.com>
2010-12-09 12:03 ` Atomic non-durable file write API Olaf van der Spek
2010-12-16 12:22 ` Olaf van der Spek
2010-12-16 20:11 ` Ric Wheeler
2010-12-18 22:15 ` Calvin Walton
2010-12-19 16:39 ` Olaf van der Spek
2010-12-23 15:49 ` Olaf van der Spek
2010-12-23 21:51 ` Neil Brown
2010-12-23 22:22 ` Ted Ts'o
2010-12-24 0:30 ` Christian Stroetmann
2010-12-24 0:48 ` Ted Ts'o
2010-12-24 1:00 ` Christian Stroetmann
2010-12-24 9:51 ` Ted Ts'o
2010-12-24 11:14 ` Olaf van der Spek
2010-12-24 11:25 ` Christian Stroetmann
2010-12-25 3:15 ` Ted Ts'o
2010-12-25 10:41 ` Olaf van der Spek
2010-12-25 11:33 ` Nick Piggin
2010-12-25 15:24 ` Olaf van der Spek
2010-12-25 17:25 ` Nick Piggin
2010-12-26 15:08 ` Olaf van der Spek
2010-12-26 15:55 ` Boaz Harrosh
2010-12-26 16:02 ` Olaf van der Spek
2010-12-26 16:27 ` Boaz Harrosh
2010-12-26 18:26 ` Olaf van der Spek
2010-12-26 16:43 ` Nick Piggin
2010-12-26 18:51 ` Olaf van der Spek
2010-12-26 22:10 ` Ted Ts'o
2010-12-27 0:30 ` Christian Stroetmann
2010-12-27 1:04 ` Ted Ts'o
2010-12-27 1:30 ` Christian Stroetmann
2010-12-27 2:53 ` Ted Ts'o
2010-12-27 10:21 ` Olaf van der Spek
2010-12-27 11:07 ` Marco Stornelli
2010-12-27 15:30 ` Christian Stroetmann
2010-12-27 19:07 ` Olaf van der Spek
2010-12-27 19:30 ` Christian Stroetmann
2010-12-28 17:22 ` Olaf van der Spek
2010-12-28 20:59 ` Neil Brown
2010-12-28 22:00 ` Greg Freemyer
2010-12-28 22:06 ` Olaf van der Spek
2010-12-28 22:15 ` Greg Freemyer [this message]
2010-12-28 22:28 ` Olaf van der Spek
2010-12-28 22:35 ` Neil Brown
2010-12-29 11:05 ` Dave Chinner
2010-12-28 22:10 ` Olaf van der Spek
2010-12-28 22:31 ` Neil Brown
2010-12-28 22:54 ` Olaf van der Spek
2010-12-28 23:42 ` Ted Ts'o
2010-12-29 9:09 ` Olaf van der Spek
2010-12-29 15:30 ` Christian Stroetmann
2010-12-29 15:41 ` Olaf van der Spek
2010-12-29 16:30 ` Christian Stroetmann
2010-12-29 17:14 ` Olaf van der Spek
2010-12-30 0:50 ` Neil Brown
2011-01-07 14:23 ` Olaf van der Spek
2010-12-27 4:12 ` Nick Piggin
2010-12-27 11:48 ` Olaf van der Spek
2010-12-27 12:43 ` Olaf van der Spek
2010-12-28 0:45 ` Ted Ts'o
2010-12-24 11:21 ` Christian Stroetmann
2010-12-24 11:17 ` Olaf van der Spek
2010-12-24 11:29 ` Christian Stroetmann
2010-12-24 11:30 ` Olaf van der Spek
2010-12-25 21:40 ` Neil Brown
2010-12-23 22:43 ` Dave Chinner
2010-12-23 22:47 ` Ted Ts'o
2010-12-26 9:59 ` Amir Goldstein
2010-12-26 15:23 ` Olaf van der Spek
2010-12-26 16:52 ` Nick Piggin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AANLkTinJVJM0Gb2osYQeTUetuVTkJYyXfQR0fkmwS_Pg@mail.gmail.com \
--to=greg.freemyer@gmail.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=neilb@suse.de \
--cc=npiggin@gmail.com \
--cc=olafvdspek@gmail.com \
--cc=stroetmann@ontolinux.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).