On 05/ 3/10 07:36 PM, Edward Ned Harvey wrote:
In order to describe the first baby step, I acknowledge:
* At present, there is no reference in the filesystem, from a file to its
parent directory(ies). So at present, it's only possible to identify the
path name of an *directory* by inode number.
* There is a potential security risk, so even the reverse directory lookup
by inode, can only be done by root.
* The function is only available in solaris/opensolaris kernel, so it can
only be done locally (not NFS or CIFS)
And probably some more important limitations.
Its worse than that -- unless the reference is in kernel memory, there
is no reference on disk that goes backwards from inode to path name.
find (see below) is about the only way that is guaranteed to work -- and
of course that only finds inodes that actually *have* an active
pathname. (unlink(2) is sometimes used to leave a scratch file without
a name in the filesystem.)
-- Garrett
So the first baby step is simply to reverse lookup any directory, as root,
on a local ZFS filesystem. Hopefully this can be built into an application
which root runs, and not purely limited to inside the kernel. You'd be
surprised how many people tell me "Can't be done." So a very limited case
proof of concept is a good start.
Ideally, the second step is to create a setuid root executable, such as
sudo, which local "normal" users can run, which will become root for a
moment, derive the path, check to see if the normal user has access to that
path name, and upon success, print the results.
Naturally, the whole process must be nearly instant. Which means "find
/tank/.zfs/snapshot -inum 12345" is not acceptable.
As things develop more, I expect more interest to arise. But for now, I'm
all alone. For now, I only know this can be done in theory, and it's very
unclear if even the slightest thing necessary for implementation is actually
available at all.
_______________________________________________
opensolaris-code mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
_______________________________________________
opensolaris-code mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
