From: Eric Sandeen
Subject: Re: noacl and nouser_xattr
Date: Mon, 18 Nov 2013 12:31:24 -0600
Message-ID: <528A5CFC.1060706@redhat.com>
References: <528A2397.8030402@me.umn.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
To: Paul FM, linux-ext4@vger.kernel.org
Return-path:
Received: from mx1.redhat.com ([209.132.183.28]:9493 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751420Ab3KRSbo (ORCPT ); Mon, 18 Nov 2013 13:31:44 -0500
In-Reply-To: <528A2397.8030402@me.umn.edu>
Sender: linux-ext4-owner@vger.kernel.org
List-ID:

On 11/18/13, 8:26 AM, Paul FM wrote:
>
> Yes - I need noacl and nouser_xattr
>
> How about documenting your intent to remove them in the man pages.
>
> acl support and user_xattr support need to be off on the / and /usr
> filesystems to simplify security. Actually I want a way to turn off
> ALL extended attribute support on any filesystem. How about noxattr
> (which would turn off ALL extended attribute support including acls).
> I also use nosuid on filesystems that shouldn't have any suid files.
>
> This is to follow the security principle - "If you aren't using it
> and don't need it - turn it off".

FWIW, it still can be disabled at build time via CONFIG_EXT3_FS_POSIX_ACL

But if you are using a distro kernel that turns that on, I see your point
about noacl.

However, I'm not sure how nouser_xattr comes into the argument? xattrs by
themselves are just metadata; they don't impact security control unless
they are a special kind of xattrs (i.e. acls).

Thanks,
-Eric

> The simple POSIX/Unix permissions are more than enough security
> control in almost every situation I have run into (only wish I could
> use them in Windows).
>
> Having worked extensively with ACLs on Windows (and some older
> mainframe OSes) - I note that ACLs add a level of complexity to security
> that actually makes for less security. I see the need to support
> them in Unix/Linux - but they should be OFF unless someone
> specifically wants to use them (at least don't make them hard to turn
> off).
>
> Just try auditing the security of a windows filesystem if you don't
> think ACLs add extreme complexity (I gave up - I just forcibly set
> all the ACLs myself by script using the unix Owner,Group,Other
> concepts as a model to simplify what I am setting).
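An added audit script (not from Eric's reply or Paul's message) that reads a mount table in /proc/mounts format and reports, for each mount point, which of the three options discussed in the thread (noacl, nouser_xattr, nosuid) are absent. It assumes an option counts as set only when it appears explicitly in the options field; the sample table is constructed, and on a live system /proc/mounts would be passed instead.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a mount table in /proc/mounts
# format for the hardening options discussed above (noacl, nouser_xattr,
# nosuid), so a filesystem that still lacks any of them is flagged.

# Print the mount options (4th field) recorded for mount point $2 in table $1.
mount_opts() {
    awk -v mp="$2" '$2 == mp { print $4; exit }' "$1"
}

# Succeed if option $2 is present in the comma-separated option list $1.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print the options among $3.. that mount point $2 (per table $1) lacks,
# space-separated; succeed only when nothing is missing.
missing_opts() {
    table=$1; mp=$2; shift 2
    opts=$(mount_opts "$table" "$mp")
    missing=""
    for want in "$@"; do
        has_opt "$opts" "$want" || missing="$missing $want"
    done
    missing=${missing# }
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample table; on a live system pass /proc/mounts instead.
SAMPLE_TABLE=$(mktemp)
cat > "$SAMPLE_TABLE" <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /usr ext4 rw,relatime,noacl,nouser_xattr 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,relatime 0 0
EOF

for mp in / /usr /home; do
    if m=$(missing_opts "$SAMPLE_TABLE" "$mp" noacl nouser_xattr nosuid); then
        echo "$mp: ok"
    else
        echo "$mp: missing $m"
    fi
done
rm -f "$SAMPLE_TABLE"
```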