Theodore Ts'o wrote on 06/06/2015 02:33 AM:
On Fri, Jun 05, 2015 at 09:24:51PM +0200, U.Mutlu wrote:
I think the filesystem could indeed implement such a "user-only" directory,
because the FUSE-API wrapper showed me that it is indeed possible
to implement that idea. I would suggest to add this feature to ext4,
and that new feature could be a real game-changer (yes, I know another
bold statement) in IT security.
Sorry, I'm not willing to advertise that a file system has a feature
which is a pure snake oil --- someone claiming that this can be done
is making a fradulently untrue statement.
Regards,
- Ted
I posted hello.c (a FUSE demo) in this thread. It is IMO even more secure
than the private namespace mount method. The simple reason is:
because granting access to the volume (or to a single dir/file)
is done inside that user-code itself, ie. the user/owner controls
whom he actually gives access.
I'm sorry to say this, but this simply proves your last statement above wrong.
Thx for this interessting discussion and exchange of ideas on security
Uenal
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
