On Thu, 20 Jan 2011 10:30:47 +0800 Shaohua Li <shaohua.li@xxxxxxxxx> wrote: > > I don't know if this is worth addressing. Perhaps require that the > > filp refers to the root of the fs? > I didn't see why this is needed, but I can limit the fip to the root of > the fs. I don't think it matters much either. The only problem I can see is if we were to later try to extend the ioctl into a per-file thing. > > Also, is this a privileged operation? If not, then that might be a > > problem - could it be used by unprivileged users to work out which > > files have been opened recently or something like that? > it's harmless even a unprivileged user uses it. I don't think > unprivileged user can decode the data returned from the ioctl. um. Well, by doing a before-and-after thing I can use this ioctl to work out what metadata blocks are used when someone reads /my/super/secret-directory/foo. Then I can write a program which sits there waiting until someone else reads /my/super/secret-directory/foo. Then I can use that information to start WWIII or something. I dunno, strange things happen. Unless there's a good *need* to make this available to unprivileged users then we should not do so. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html