From: Olaf van der Spek Subject: Re: Atomic non-durable file write API Date: Tue, 28 Dec 2010 23:28:31 +0100 Message-ID: References: <20101224095105.GG12763@thunk.org> <20101225031529.GA2595@thunk.org> <20101226221016.GF2595@thunk.org> <4D18B106.4010308@ontolinux.com> <4D18E94C.3080908@ontolinux.com> <20101229075928.6bdafb08@notabene.brown> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: Neil Brown , Christian Stroetmann , linux-fsdevel , linux-ext4@vger.kernel.org, "Ted Ts'o" , Nick Piggin To: Greg Freemyer Return-path: Received: from mail-fx0-f46.google.com ([209.85.161.46]:56563 "EHLO mail-fx0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751652Ab0L1W2d convert rfc822-to-8bit (ORCPT ); Tue, 28 Dec 2010 17:28:33 -0500 In-Reply-To: Sender: linux-ext4-owner@vger.kernel.org List-ID: On Tue, Dec 28, 2010 at 11:15 PM, Greg Freemyer wrote: > So ACLs are lost? I'm not sure. Since preserving them might not be easy I think it's likely they're lost in some cases. > That seems like a potentially bigger issue than loosing the owner/gro= up info. > > And I assume if the owner changes, then the new owner has privileges > to modify ACLs he didn't have previously. > > So if I want to instigate a simple denial of service in a multi-user > environment, I edit a few key docs that I have privileges to edit. =C2= =A0By > doing so I take ownership. =C2=A0As owner I =C2=A0change the permissi= ons and > ACLs so that no one but me can access them. > > Seems like a security hole to me. If you have write access you can clear the data as well, so effectively the difference is small. Olaf -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" i= n the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html