On 03/11/2016 12:03 AM, Linus Torvalds wrote:
On Thu, Mar 10, 2016 at 6:58 AM, Ric Wheeler <ricwheeler@xxxxxxxxx> wrote:
What was objectionable at the time this patch was raised years back (not
just to me, but to pretty much every fs developer at LSF/MM that year)
centered on the concern that this would be viewed as a "performance" mode
and we get pressure to support this for non-priveleged users. It gives any
user effectively the ability to read the block device content for previously
allocated data without restriction.
The sane way to do it would be to just check permissions of the
underlying block device.
That way, people can just set the permissions for that to whatever
they want. If google right now uses some magical group for this, they
could make the underlying block device be writable for that group.
We can do the security check at the filesystem level, because we have
sb->s_bdev->bd_inode, and if you have read and write permissions to
that inode, you might as well have permission to create a unsafe hole.
That doesn't sound very hacky to me.
Linus
I agree that this sounds quite reasonable.
Ric
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html