Hi! > > > That statement is meant to scare people away from modifying the lower fs :) > > > I tortured unionfs quite a bit, and it can oops but it takes some effort. > > But isn't it then potential DOS? If you happen to union two filesystems > > and an untrusted user has write access to both original filesystem and > > the union, then you say he'd be able to produce oops? That does not > > sound very secure to me... And if any secure use of unionfs requires > > limitting access to the original trees, then I think it's a good reason > > to implement it in unionfs itself. Just my 2 cents. > > You mean somebody like, say, a perfectly innocent process working on the > NFS server or some other client that is oblivious to the existence of > unionfs stacks on your particular machine? > To me, this has always sounded like a showstopper for using unionfs with > a remote filesystem. Actually, it is worse than that. find / (and updatedb) *will* write to all the filesystems (atime). Expecting sysadmins to know/prevent this seems like expecting quite a lot from them. Sounds like a show stopper to me :-(.... Pavel -- Thanks for all the (sleeping) penguins. - To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
