On Mon, Feb 03, 2014 at 01:44:22PM -0800, Linus Torvalds wrote: > On Mon, Feb 3, 2014 at 1:39 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote: > > > > If we really have hardlinks, the result of permission check would better > > be a function of inode itself - as in, "if it gives different results > > for two pathnames reachable for the same user, we have a bug". ^^^^^^^^^ > No. You're wrong. > > EVEN ON A UNIX FILESYSTEM THE PATH IS MEANINGFUL. > > Do this: create a hardlink in two different directories. Make the > *directory* permissions for one of the directories be something you > cannot traverse. Now try to check the permissions of the *same* inode > through those two paths. Notice how you get *different* results. > > Really. Yes. In one case we won't get to looking at the permissions of that thing at all. > Now, imagine that you are doing the same thing over a network. On the > server, there may be a single inode for the file, but when the client > gives the server a pathname, the two pathnames to that single inode > ARE NOT EQUIVALENT. Why do we pretend that those are links, in the first place? > And the fact is, filesystems with hardlinks and path-name-based > operations do exist. cifs with the unix extensions is one of them. Pox on Tridge... I really, really hate that change; I can buy "->getxattr() has inconvenient interface because of lousy protocol design", but spreading the same to ->permission(), with everything that will fall out of that... <shudder> -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
