From: Greg Freemyer
Subject: Re: Atomic non-durable file write API
Date: Tue, 28 Dec 2010 17:15:57 -0500
To: Olaf van der Spek
Cc: Neil Brown, Christian Stroetmann, linux-fsdevel, linux-ext4@vger.kernel.org, "Ted Ts'o", Nick Piggin

On Tue, Dec 28, 2010 at 5:06 PM, Olaf van der Spek wrote:
> On Tue, Dec 28, 2010 at 11:00 PM, Greg Freemyer wrote:
>> create temp file
>> write out new data
>> delete old file
>> rename temp file to primary name
>> ===
>>
>> If so there is still a little window of vulnerability where the whole
>> file can be lost.  (Or at least only the temp file is present).
>
> Delete isn't used, rename will overwrite the old file. So it's safe.
> Meta-data is probably lost, file owner is certainly lost.
>
> Olaf

So ACLs are lost?

That seems like a potentially bigger issue than losing the owner/group
info.

And I assume if the owner changes, then the new owner has privileges
to modify ACLs he didn't have previously.

So if I want to instigate a simple denial of service in a multi-user
environment, I edit a few key docs that I have privileges to edit. By
doing so I take ownership. As owner I change the permissions and ACLs
so that no one but me can access them.

Seems like a security hole to me.

Greg
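
An added example, not code from this thread or from any of its participants: a Python version of the temp-file-plus-rename replace discussed above that carries the old file's owner, mode and extended attributes (where Linux stores POSIX ACLs) over to the new file, and aborts instead of renaming if it cannot. The function names `atomic_replace` and `_xattrs` are hypothetical, and Linux is assumed for the `os.*xattr` calls.

```python
# Added example; assumes Linux (os.listxattr/getxattr/setxattr). Names are hypothetical.
import errno
import os
import tempfile


def _xattrs(target):
    """Return {name: value} of extended attributes; POSIX ACLs live in system.posix_acl_*."""
    try:
        return {n: os.getxattr(target, n) for n in os.listxattr(target)}
    except OSError as e:
        if e.errno == errno.ENOTSUP:
            return {}  # filesystem without xattr support
        raise


def atomic_replace(path, data):
    """Replace path via temp file + rename, refusing to drop owner, mode or ACLs."""
    old = os.stat(path)
    old_xattrs = _xattrs(path)
    # mkstemp creates the file 0600, so nobody else can read it before metadata is set.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            new = os.fstat(fd)
            if (new.st_uid, new.st_gid) != (old.st_uid, old.st_gid):
                # Fails with PermissionError for a non-owner editor: abort here
                # rather than let the editor silently become the owner.
                os.fchown(fd, old.st_uid, old.st_gid)
            have = _xattrs(fd)
            for name, value in old_xattrs.items():
                if have.get(name) != value:
                    os.setxattr(fd, name, value)
            os.fchmod(fd, old.st_mode & 0o7777)  # last: chown can clear setuid/setgid
            os.fsync(fd)  # data reaches disk before the name is switched
        os.rename(tmp, path)  # atomic: readers see the old file or the new one
    except BaseException:
        os.unlink(tmp)  # the original file is untouched on any failure
        raise
```
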