On 1 May 2007, at 05:22, David Chinner wrote:
On Mon, Apr 30, 2007 at 04:44:01PM -0600, Andreas Dilger wrote:
The FIBMAP ioctl is for privileged users
only, and I wonder if FIEMAP should be the same, or at least
disallow
mapping files that the user can't access especially with
FLAG_SYNC and/or
FLAG_HSM_READ.
I see little reason for restricting FI[BE]MAP to privileged users -
anyone should be able to determine if files they have permission to
access are fragmented.
Allowing anyone to run FI[BE]MAP creates potential for DOS-ing the
machine. Perhaps for non-privileged users FIEMAP has to be read-
only? As soon as any of the FLAG_* flags come into play you make it
privileged. For example fancy any user being able to fill up your
file system by calling FIEMAP with FLAG_HSM_READ on all files
recursively? This should certainly not be simply dismissed as a non-
issue without thinking about it first...
Best regards,
Anton
--
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer, http://www.linux-ntfs.org/
|