From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Pavel Shilovsky <piastry@etersoft.ru>
Cc: linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, wine-devel@winehq.org,
linux-nfs@vger.kernel.org
Subject: Re: [PATCH 0/3] Add O_DENY* flags to fcntl and cifs
Date: Thu, 6 Dec 2012 19:49:49 +0000 [thread overview]
Message-ID: <20121206194949.7ab20d56@pyramind.ukuu.org.uk> (raw)
In-Reply-To: <1354818391-7968-1-git-send-email-piastry@etersoft.ru>
On Thu, 6 Dec 2012 22:26:28 +0400
Pavel Shilovsky <piastry@etersoft.ru> wrote:
> Network filesystems CIFS, SMB2.0, SMB3.0 and NFSv4 have such flags - this change can benefit cifs and nfs modules. While this change is ok for network filesystems, itsn't not targeted for local filesystems due security problems (e.g. when a user process can deny root to delete a file).
If I have my root fs on NFS then the same applies does it not.
Your patches fail to describe the security semantics and what file rights
I must have to apply each option. How do I track down a lock user, what
tools are provided ? How do the new options interact with the security
layer?
I don't have a problem with the idea, but it needs a lot more clear
description of how it works so the model can be checked and if need be
things tweaked (eg needing write to denywrite etc)
Alan
next prev parent reply other threads:[~2012-12-06 19:44 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-06 18:26 [PATCH 0/3] Add O_DENY* flags to fcntl and cifs Pavel Shilovsky
2012-12-06 18:26 ` [PATCH 1/3] fcntl: Introduce new O_DENY* open flags for network filesystems Pavel Shilovsky
2012-12-06 18:26 ` [PATCH 2/3] CIFS: Add O_DENY* open flags support Pavel Shilovsky
2012-12-06 18:26 ` [PATCH 3/3] CIFS: Use NT_CREATE_ANDX command for forcemand mounts Pavel Shilovsky
2012-12-06 19:49 ` Alan Cox [this message]
2012-12-06 19:57 ` [PATCH 0/3] Add O_DENY* flags to fcntl and cifs Jeremy Allison
2012-12-06 20:13 ` Jeremy Allison
2012-12-06 21:31 ` Theodore Ts'o
2012-12-06 21:33 ` Jeremy Allison
2012-12-06 21:37 ` Theodore Ts'o
2012-12-06 21:39 ` Jeremy Allison
2012-12-07 14:29 ` Steve French
2012-12-07 14:30 ` Steve French
2012-12-07 16:34 ` Alan Cox
2012-12-07 9:08 ` Pavel Shilovsky
2012-12-07 14:52 ` J. Bruce Fields
2012-12-07 15:37 ` simo
2012-12-07 16:09 ` J. Bruce Fields
2012-12-07 16:16 ` Christoph Hellwig
2012-12-07 20:43 ` Pavel Shilovsky
2012-12-07 21:35 ` Alan Cox
2012-12-07 23:55 ` Myklebust, Trond
2012-12-10 16:41 ` J. Bruce Fields
2012-12-11 13:11 ` Jeff Layton
2012-12-12 8:34 ` David Laight
2012-12-14 14:12 ` Pavel Shilovsky
2012-12-14 15:30 ` Alan Cox
2012-12-14 19:19 ` Steve French
2012-12-17 15:36 ` J. Bruce Fields
-- strict thread matches above, loose matches on Subject: below --
2012-11-30 10:20 Pavel Shilovsky
2012-11-30 11:10 ` Pavel Shilovsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121206194949.7ab20d56@pyramind.ukuu.org.uk \
--to=alan@lxorguk.ukuu.org.uk \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=piastry@etersoft.ru \
--cc=wine-devel@winehq.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).