Quoting Seth Forshee (seth.fors...@canonical.com):
> On Mon, Oct 06, 2014 at 04:00:06PM +, Serge Hallyn wrote:
> > Quoting Seth Forshee (seth.fors...@canonical.com):
> > ...
> > > After digging into this some more I think I agree with you. At minimum
> > > letting users insert arbitrary xattrs
On Mon, Oct 06, 2014 at 04:00:06PM +, Serge Hallyn wrote:
> Quoting Seth Forshee (seth.fors...@canonical.com):
> ...
> > After digging into this some more I think I agree with you. At minimum
> > letting users insert arbitrary xattrs via fuse bypasses the usual
> > restrictions on setting xattr
Quoting Seth Forshee (seth.fors...@canonical.com):
...
> After digging into this some more I think I agree with you. At minimum
> letting users insert arbitrary xattrs via fuse bypasses the usual
> restrictions on setting xattrs. This is probably mitigated by the
> limited visibility of the fuse mo
On Tue, Sep 30, 2014 at 11:25:59AM -0500, Seth Forshee wrote:
> > >> From 6ae88ecfe4e8c8998478932ca225d1d9753b6c4b Mon Sep 17 00:00:00 2001
> > >> From: "Eric W. Biederman"
> > >> Date: Fri, 5 Oct 2012 14:33:36 -0700
> > >> Subject: [PATCH 4/4] fuse: Only allow read/writing user xattrs
> > >>
> >
On Mon, Sep 29, 2014 at 12:34:44PM -0700, Eric W. Biederman wrote:
> >> -static void fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
> >> +static int fuse_fillattr(struct inode *inode, struct fuse_attr *attr,
> >> struct kstat *stat)
> >> {
> >>unsigned int blkb
Seth Forshee writes:
> On Fri, Sep 26, 2014 at 06:41:33PM -0700, Eric W. Biederman wrote:
>> >> I am on the fence about what to do when a uid from the filesystem server
>> >> or for other filesystems the on-disk data structures does not map, but
>> >> make_bad_inode is simpler in conception. So
On Fri, Sep 26, 2014 at 06:41:33PM -0700, Eric W. Biederman wrote:
> >> I am on the fence about what to do when a uid from the filesystem server
> >> or for other filesystems the on-disk data structures does not map, but
> >> make_bad_inode is simpler in conception. So make_bad_inode seems like
>
Seth Forshee writes:
> On Thu, Sep 25, 2014 at 12:14:01PM -0700, Eric W. Biederman wrote:
>> Sorry iattr_to_setattr look for from_kuid and from_kgid.
>>
>> The call path is
>> fuse_setattr
>>fuse_do_setattr
>> iattr_to_fattr.
>
> Bah. Sorry, I misread that originally and thought you w
On Thu, Sep 25, 2014 at 12:14:01PM -0700, Eric W. Biederman wrote:
> Seth Forshee writes:
>
> > On Thu, Sep 25, 2014 at 11:05:36AM -0700, Eric W. Biederman wrote:
> >> Miklos Szeredi writes:
> >>
> >> > On Wed, Sep 24, 2014 at 7:10 PM, Eric W. Biederman
> >> > wrote:
> >> >
> >> >
> >> >> So i
Seth Forshee writes:
> On Thu, Sep 25, 2014 at 11:05:36AM -0700, Eric W. Biederman wrote:
>> Miklos Szeredi writes:
>>
>> > On Wed, Sep 24, 2014 at 7:10 PM, Eric W. Biederman
>> > wrote:
>> >
>> >
>> >> So in summary I see:
>> >> - Low utility in being able to manipulate files with bad uids.
>
On Thu, Sep 25, 2014 at 01:44:03PM -0500, Seth Forshee wrote:
> On Thu, Sep 25, 2014 at 11:05:36AM -0700, Eric W. Biederman wrote:
> > Miklos Szeredi writes:
> >
> > > On Wed, Sep 24, 2014 at 7:10 PM, Eric W. Biederman
> > > wrote:
> > >
> > >
> > >> So in summary I see:
> > >> - Low utility in
On Thu, Sep 25, 2014 at 11:05:36AM -0700, Eric W. Biederman wrote:
> Miklos Szeredi writes:
>
> > On Wed, Sep 24, 2014 at 7:10 PM, Eric W. Biederman
> > wrote:
> >
> >
> >> So in summary I see:
> >> - Low utility in being able to manipulate files with bad uids.
> >> - Bad uids are mostly likely
Miklos Szeredi writes:
> On Wed, Sep 24, 2014 at 7:10 PM, Eric W. Biederman
> wrote:
>
>
>> So in summary I see:
>> - Low utility in being able to manipulate files with bad uids.
>> - Bad uids are mostly likely malicious action.
>> - make_bad_inode is trivial to analyze.
>> - No impediments to c
On Thu, Sep 25, 2014 at 05:04:04PM +0200, Miklos Szeredi wrote:
> On Wed, Sep 24, 2014 at 7:10 PM, Eric W. Biederman
> wrote:
>
>
> > So in summary I see:
> > - Low utility in being able to manipulate files with bad uids.
> > - Bad uids are mostly likely malicious action.
> > - make_bad_inode is
On Wed, Sep 24, 2014 at 7:10 PM, Eric W. Biederman
wrote:
> So in summary I see:
> - Low utility in being able to manipulate files with bad uids.
> - Bad uids are mostly likely malicious action.
> - make_bad_inode is trivial to analyze.
> - No impediments to change if I am wrong.
>
> So unless t
Seth Forshee writes:
> On Tue, Sep 23, 2014 at 03:29:57PM -0700, Eric W. Biederman wrote:
>>
>> So thinking about this and staring at fuse a little more I don't like
>> the approach of mapping bad uids into INVALID_UID in the case of fuse.
>>
>> What scares me is that we are looking at a very u
On Tue, Sep 23, 2014 at 03:29:57PM -0700, Eric W. Biederman wrote:
> Seth Forshee writes:
>
> > On Wed, Sep 10, 2014 at 11:42:12AM -0500, Seth Forshee wrote:
> >> On Wed, Sep 10, 2014 at 06:21:55PM +0200, Serge E. Hallyn wrote:
> >> > Quoting Seth Forshee (seth.fors...@canonical.com):
> >> > > On
Seth Forshee writes:
> On Wed, Sep 10, 2014 at 11:42:12AM -0500, Seth Forshee wrote:
>> On Wed, Sep 10, 2014 at 06:21:55PM +0200, Serge E. Hallyn wrote:
>> > Quoting Seth Forshee (seth.fors...@canonical.com):
>> > > On Tue, Sep 02, 2014 at 10:44:53AM -0500, Seth Forshee wrote:
>> > > > Another is
Miklos Szeredi writes:
> On Tue, Sep 23, 2014 at 6:26 PM, Seth Forshee
> wrote:
>> On Tue, Sep 23, 2014 at 06:07:35PM +0200, Miklos Szeredi wrote:
>>> On Tue, Sep 2, 2014 at 5:44 PM, Seth Forshee
>>> wrote:
>>> > Here's an updated set of patches for allowing fuse mounts from pid and
>>> > user
On Tue, Sep 23, 2014 at 07:03:47PM +0200, Miklos Szeredi wrote:
> On Tue, Sep 23, 2014 at 6:26 PM, Seth Forshee
> wrote:
> > On Tue, Sep 23, 2014 at 06:07:35PM +0200, Miklos Szeredi wrote:
> >> On Tue, Sep 2, 2014 at 5:44 PM, Seth Forshee
> >> wrote:
> >> > Here's an updated set of patches for a
On Tue, Sep 23, 2014 at 6:26 PM, Seth Forshee
wrote:
> On Tue, Sep 23, 2014 at 06:07:35PM +0200, Miklos Szeredi wrote:
>> On Tue, Sep 2, 2014 at 5:44 PM, Seth Forshee
>> wrote:
>> > Here's an updated set of patches for allowing fuse mounts from pid and
>> > user namespaces. I discussed some of t
On Tue, Sep 23, 2014 at 06:07:35PM +0200, Miklos Szeredi wrote:
> On Tue, Sep 2, 2014 at 5:44 PM, Seth Forshee
> wrote:
> > Here's an updated set of patches for allowing fuse mounts from pid and
> > user namespaces. I discussed some of the issues we debated with the last
> > patch set (and a few
On Tue, Sep 2, 2014 at 5:44 PM, Seth Forshee wrote:
> Here's an updated set of patches for allowing fuse mounts from pid and
> user namespaces. I discussed some of the issues we debated with the last
> patch set (and a few others) with Eric at LinuxCon, and the updates here
> mainly reflect the ou
On Wed, Sep 10, 2014 at 11:42:12AM -0500, Seth Forshee wrote:
> On Wed, Sep 10, 2014 at 06:21:55PM +0200, Serge E. Hallyn wrote:
> > Quoting Seth Forshee (seth.fors...@canonical.com):
> > > On Tue, Sep 02, 2014 at 10:44:53AM -0500, Seth Forshee wrote:
> > > > Another issue mentioned by Eric was wha
On Wed, Sep 10, 2014 at 06:21:55PM +0200, Serge E. Hallyn wrote:
> Quoting Seth Forshee (seth.fors...@canonical.com):
> > On Tue, Sep 02, 2014 at 10:44:53AM -0500, Seth Forshee wrote:
> > > Another issue mentioned by Eric was what to use for i_[ug]id if the ids
> > > from userspace don't map into t
Quoting Seth Forshee (seth.fors...@canonical.com):
> On Tue, Sep 02, 2014 at 10:44:53AM -0500, Seth Forshee wrote:
> > Another issue mentioned by Eric was what to use for i_[ug]id if the ids
> > from userspace don't map into the user namespace, which is going to be a
> > problem for any other files
On Tue, Sep 02, 2014 at 10:44:53AM -0500, Seth Forshee wrote:
> Another issue mentioned by Eric was what to use for i_[ug]id if the ids
> from userspace don't map into the user namespace, which is going to be a
> problem for any other filesystems which become mountable from user
> namespaces as wel
On Tue, Sep 02, 2014 at 10:44:53AM -0500, Seth Forshee wrote:
> Here's an updated set of patches for allowing fuse mounts from pid and
> user namespaces. I discussed some of the issues we debated with the last
> patch set (and a few others) with Eric at LinuxCon, and the updates here
> mainly refle
Here's an updated set of patches for allowing fuse mounts from pid and
user namespaces. I discussed some of the issues we debated with the last
patch set (and a few others) with Eric at LinuxCon, and the updates here
mainly reflect the outcome of those discussions.
The stickiest issue in the v1 pa
29 matches
Mail list logo
