Re: Inconsistencies with trusted.SGI_ACL

To:	Andreas Gruenbacher <agruenba@xxxxxxxxxx>
Subject:	Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}
From:	Dave Chinner <david@xxxxxxxxxxxxx>
Date:	Wed, 28 Oct 2015 09:38:14 +1100
Cc:	Brian Foster <bfoster@xxxxxxxxxx>, xfs@xxxxxxxxxxx
Delivered-to:	xfs@xxxxxxxxxxx
In-reply-to:	<CAHc6FU4dXfXyTBW2GgckeqaLGuUwney32orV6=M8VA+ix5h1Uw@xxxxxxxxxxxxxx>
References:	<CAHc6FU5gS4BA+iTRHo1oHJMVHkLs4aa0eYd5T1ftLC9biRaxrg@xxxxxxxxxxxxxx> <20151024125659.GA8095@xxxxxxxxxxxxxxx> <CAHc6FU6eVn=KpKvhD2N8hvAgdFQVdBHHS9tUgaVQJf5wnipY=g@xxxxxxxxxxxxxx> <20151024152254.GA22232@xxxxxxxxxxxxxxx> <20151026213228.GI8773@dastard> <CAHc6FU68MYTGWKM5S14_dQBqXeebd2GwQcKj4RztLvPWL2eksA@xxxxxxxxxxxxxx> <20151027053045.GL8773@dastard> <CAHc6FU4ZgJDKphScucvDfEWPFFu4dGfDVund9Wrah=X-vxnz3w@xxxxxxxxxxxxxx> <20151027201825.GO8773@dastard> <CAHc6FU4dXfXyTBW2GgckeqaLGuUwney32orV6=M8VA+ix5h1Uw@xxxxxxxxxxxxxx>
User-agent:	Mutt/1.5.21 (2010-09-15)

To:

Andreas Gruenbacher <agruenba@xxxxxxxxxx>

Subject:

Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}

From:

Dave Chinner <david@xxxxxxxxxxxxx>

Date:

Wed, 28 Oct 2015 09:38:14 +1100

Cc:

Brian Foster <bfoster@xxxxxxxxxx>, xfs@xxxxxxxxxxx

Delivered-to:

xfs@xxxxxxxxxxx

In-reply-to:

<CAHc6FU4dXfXyTBW2GgckeqaLGuUwney32orV6=M8VA+ix5h1Uw@xxxxxxxxxxxxxx>

References:

<CAHc6FU5gS4BA+iTRHo1oHJMVHkLs4aa0eYd5T1ftLC9biRaxrg@xxxxxxxxxxxxxx> <20151024125659.GA8095@xxxxxxxxxxxxxxx> <CAHc6FU6eVn=KpKvhD2N8hvAgdFQVdBHHS9tUgaVQJf5wnipY=g@xxxxxxxxxxxxxx> <20151024152254.GA22232@xxxxxxxxxxxxxxx> <20151026213228.GI8773@dastard> <CAHc6FU68MYTGWKM5S14_dQBqXeebd2GwQcKj4RztLvPWL2eksA@xxxxxxxxxxxxxx> <20151027053045.GL8773@dastard> <CAHc6FU4ZgJDKphScucvDfEWPFFu4dGfDVund9Wrah=X-vxnz3w@xxxxxxxxxxxxxx> <20151027201825.GO8773@dastard> <CAHc6FU4dXfXyTBW2GgckeqaLGuUwney32orV6=M8VA+ix5h1Uw@xxxxxxxxxxxxxx>

User-agent:

Mutt/1.5.21 (2010-09-15)

On Tue, Oct 27, 2015 at 10:39:51PM +0100, Andreas Gruenbacher wrote:
> On Tue, Oct 27, 2015 at 9:18 PM, Dave Chinner <david@xxxxxxxxxxxxx> wrote:
> > Further, user namespaces are irrelevant here - you can't run
> > xfsdump/restore outside the init_ns.  xfsdump requires access to the
> > handle interface, which is unsafe to use inside a user ns because it
> > allows complete access to any inode in the filesystem without
> > limitations. xfs_restore requires unfettered access to directly
> > manipulate the uid/gid/security attrs of inodes, which once again is
> > something that isn't allowed inside user namespaces.
> >
> > Setting Posix acls by directly poking the on-disk attr format rather
> > than going through the proper kernel ACL namespace is not a *general
> > purpose user interface*.  Thi exists for backup/restore utilities to
> > do things like restore ACLs and security labels simply by treating
> > them as opaque xattrs.  If a user sets ACLs using this low level
> > "opaque xattr" method, then they get to keep all the broken bits to
> > themselves.
> 
> Any process capable of CAP_SYS_ADMIN can getxattr and setxattr those

CAP_SYS_ADMIN = enough rope to hang yourself.

Cheers,

Dave.
-- 
Dave Chinner
david@xxxxxxxxxxxxx

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH 1/4] xfs: Validate the length of on-disk ACLs, (continued) [PATCH 1/4] xfs: Validate the length of on-disk ACLs, Andreas Gruenbacher [PATCH 4/4] xfs: SGI ACLs: Prepare for richacls, Andreas Gruenbacher Re: [PATCH 4/4] xfs: SGI ACLs: Prepare for richacls, Andreas Gruenbacher Re: [PATCH 0/4] xfs: SGI ACL Fixes, Brian Foster Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Andreas Gruenbacher Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Andreas Gruenbacher Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Andreas Gruenbacher Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Dave Chinner <= Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Brian Foster

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces, Dave Chinner
Next by Date:	Re: Speeding up xfs_repair on filesystem with millions of inodes, Michael Weissenbacher
Previous by Thread:	Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Andreas Gruenbacher
Next by Thread:	Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Brian Foster
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [PATCH 3/4] xfs: SGI ACLs: Map uid/gid namespaces, Dave Chinner

Next by Date:

Re: Speeding up xfs_repair on filesystem with millions of inodes, Michael Weissenbacher

Previous by Thread:

Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Andreas Gruenbacher

Next by Thread:

Re: Inconsistencies with trusted.SGI_ACL_{FILE,DEFAULT}, Brian Foster

Indexes:

[Date] [Thread] [Top] [All Lists]