On Fri, Mar 11, 2016 at 04:44:16PM -0800, Linus Torvalds wrote: > On Fri, Mar 11, 2016 at 4:35 PM, Theodore Ts'o <tytso@xxxxxxx> wrote: > > > > At the end of the day it's about whether you trust the userspace > > program or not. > > There's a big difference between "give the user rope", and "tie the > rope in a noose and put a banana peel so that the user might stumble > into the rope and hang himself", though. So let's see. The user application has to explicitly request NO_HIDE_STALE via an fallocate flag --- so it requires changing the source code and recompiling the application. And then, the system administrator has to pass in a mount option specifying a group that the application has to run under. And then the application has to run setgid with that group's privileges. I hardly think that can be considered handing the user a pre-tied noose. Sure, the application can do something stupid --- but I'd arguing giving root to some junior sysadmin is far more likely to cause problems. Cheers, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
