To: mj@ucw.cz
CC: lmb@suse.de, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
In-reply-to: <20050427164652.GA3129@ucw.cz> (message from Martin Mares on Wed, 27 Apr 2005 18:46:52 +0200)
Subject: Re: [PATCH] private mounts
References: <20050426131943.GC2226@openzaurus.ucw.cz> <20050426201411.GA20109@elf.ucw.cz> <20050427092450.GB1819@elf.ucw.cz> <20050427143126.GB1957@mail.shareable.org> <20050427153320.GA19065@atrey.karlin.mff.cuni.cz> <20050427155022.GR4431@marowsky-bree.de> <20050427164652.GA3129@ucw.cz>
From: Miklos Szeredi
Date: Wed, 27 Apr 2005 19:38:40 +0200

> > It is certainly an information leak not otherwise available. And with
> > the ability to change the layout underneath, you might trigger bugs in
> > root programs: Are they really capable of seeing the same filename
> > twice, or can you throw them into a deep recursion by simulating
> > infinitely deep directories/circular hardlinks...?
>
> Yes, it can help you trigger bugs, but all these bugs are triggerable
> without user filesystems as well, although it's harder to do so.

It's not just triggering bugs. You have very fine control over what
you present in your filesystem. Examples are huge files, huge
directories, operations that complete slowly or never at all.

Is it possible to limit all these from kernelspace? Probably yes,
although a timeout for operations is something that cuts either way.
And the complexity of these checks would probably be orders of
magnitude higher than the check we are currently discussing.

So this check _is_ needed on systems where the users cannot be
trusted.

Thanks,
Miklos
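
Added illustration, not part of the message above and not kernel or FUSE code: a sketch of what a privileged userspace program would have to do by itself to tolerate the layouts named in the thread (huge directories, endlessly deep trees, slow operations). The names `bounded_walk` and `WalkLimitExceeded` and the default budgets are assumptions chosen for the example.

```python
import os
import stat
import time

class WalkLimitExceeded(Exception):
    """Raised when the tree exceeds a budget set by the caller."""

def bounded_walk(root, max_depth=32, max_entries=100_000, deadline_s=5.0):
    """Return regular-file paths under root, refusing to run unbounded.

    Budgets, not inode comparison, are the defence here: a user-controlled
    filesystem can report any st_ino it likes, so loop detection based on
    (st_dev, st_ino) cannot be relied on.
    """
    start = time.monotonic()
    root_dev = os.lstat(root).st_dev
    seen = 0
    files = []
    stack = [(root, 0)]          # explicit stack: no recursion to exhaust
    while stack:
        path, depth = stack.pop()
        if depth > max_depth:
            raise WalkLimitExceeded(f"depth > {max_depth} at {path!r}")
        with os.scandir(path) as it:
            for entry in it:
                seen += 1
                if seen > max_entries:
                    raise WalkLimitExceeded(f"more than {max_entries} entries")
                # Checked between calls only: a single operation that never
                # returns is not interrupted by this deadline.
                if time.monotonic() - start > deadline_s:
                    raise WalkLimitExceeded("deadline exceeded")
                st = entry.stat(follow_symlinks=False)
                if st.st_dev != root_dev:
                    continue     # do not cross into another mount
                if stat.S_ISDIR(st.st_mode):
                    stack.append((entry.path, depth + 1))
                elif stat.S_ISREG(st.st_mode):
                    files.append(entry.path)
    return files
```

The deadline only bounds the time spent between filesystem calls; an operation that blocks inside the filesystem still hangs the caller, which is the case the message says is hard to limit.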