Subject: Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description
From: "H. Peter Anvin"
Date: Fri, 16 Feb 2018 12:59:12 -0800
To: Taras Kondratiuk, Al Viro, Arnd Bergmann, Rob Landley, Mimi Zohar, Jonathan Corbet, James McMechan
Cc: initramfs@vger.kernel.org, Victor Kamensky, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, xe-linux-external@cisco.com

On 02/16/18 12:33, Taras Kondratiuk wrote:
> Many of the Linux security/integrity features are dependent on file
> metadata, stored as extended attributes (xattrs), for making decisions.
> These features need to be initialized during initcall and enabled as
> early as possible for complete security coverage.
>
> Initramfs (tmpfs) supports xattrs, but newc CPIO archive format does not
> support including them into the archive.
>
> This patch describes "extended" newc format (newcx) that is based on
> newc and has following changes:
> - extended attributes support
> - increased size of filesize to support files >4GB
> - increased mtime field size to have 64 bits of seconds and added a
>   field for nanoseconds
> - removed unused checksum field
>

If you are going to implement a new, non-backwards-compatible format,
you shouldn't replicate the mistakes of the current format. Specifically:

1. The use of ASCII-encoded fixed-length numbers is an idiotic legacy
   from an era before there was any portable way of dealing with numbers
   with prespecified endianness. If you are going to use ASCII, make them
   delimited so that they don't have fixed limits, or just use binary.
   The cpio header isn't fixed size, so that argument goes away, in fact
   the only way to determine the end of the header is to scan forward.

2. Alignment sensitivity! Because there is no header length information,
   the above scan tells you where the header ends, but there is padding
   before the data, and the size of that padding is only defined by
   alignment.

3. Inband encoding of EOF: if you actually have a filename "TRAILER!!!"
   you have problems.

But first, before you define a whole new format for which no tools exist
(you will have to work with the maintainers of the GNU tools to add
support) you should see how complex it would be to support the POSIX
tar/pax format, which already has all the features you are seeking, and
by now is well-supported.

	-hpa
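
The three properties of the existing newc format listed in the reply above (8-digit ASCII hex fields, padding derived only from alignment, and the in-band "TRAILER!!!" end marker) can be seen in a small reader. This is an added example, not part of the original message and not kernel or GNU cpio code; the function names, the `stop_at_trailer` switch and the sample archive are constructed for illustration.

```python
import re

MAGIC = b"070701"
FIELDS = ("ino", "mode", "uid", "gid", "nlink", "mtime", "filesize", "devmajor",
          "devminor", "rdevmajor", "rdevminor", "namesize", "check")
HDR_LEN = len(MAGIC) + 8 * len(FIELDS)      # 110 bytes of ASCII
TRAILER = "TRAILER!!!"                      # in-band end-of-archive marker

def align4(n):
    return (n + 3) & ~3

def hex8(n):
    """Encode one header field; 8 hex digits cap every value below 2**32."""
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError("value does not fit a newc field: %d" % n)
    return b"%08X" % n

def make_entry(name, data=b"", mode=0o100644):
    """Build one archive member (used only to construct the sample below)."""
    raw = name.encode() + b"\0"
    v = dict.fromkeys(FIELDS, 0)
    v.update(mode=mode, nlink=1, filesize=len(data), namesize=len(raw))
    head = MAGIC + b"".join(hex8(v[f]) for f in FIELDS) + raw
    # No length field covers the padding: it follows from the offset alone.
    head = head.ljust(align4(len(head)), b"\0")
    return head + data.ljust(align4(len(data)), b"\0")

def parse(archive, stop_at_trailer=True):
    """Return [(name, data_offset, data)] for the members of a newc archive."""
    pos, members = 0, []
    while pos + HDR_LEN <= len(archive):
        hdr = archive[pos:pos + HDR_LEN]
        if not re.fullmatch(MAGIC + rb"[0-9A-Fa-f]{104}", hdr):
            raise ValueError("bad header at offset %d" % pos)
        h = {f: int(hdr[6 + 8 * i:14 + 8 * i], 16) for i, f in enumerate(FIELDS)}
        name_end = pos + HDR_LEN + h["namesize"]
        data_at = align4(name_end)
        data_end = data_at + h["filesize"]
        if h["namesize"] < 1 or data_end > len(archive):
            raise ValueError("truncated member at offset %d" % pos)
        name = archive[pos + HDR_LEN:name_end - 1].decode()
        if stop_at_trailer and name == TRAILER:
            break                           # a file with this name ends the listing
        members.append((name, data_at, archive[data_at:data_end]))
        pos = align4(data_end)
    return members

# Constructed sample: a regular file that happens to be named like the marker.
SAMPLE = (make_entry("init", b"hi\n") + make_entry(TRAILER, b"real file data")
          + make_entry("after.txt", b"lost") + make_entry(TRAILER, mode=0))
```

With the default `stop_at_trailer=True` the reader returns only `init`; the regular file named `TRAILER!!!` and everything after it are never listed, while `stop_at_trailer=False` shows all four headers physically present in the archive.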