Re: [PATCH 0/6][v4][RFC] NFSv3: implement extended attribute protocol (XATTR)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2010-03-15 at 16:28 -0700, Casey Schaufler wrote:

> You're missing something. Privilege semantics are different. The
> behavior of unlinked files is different. Locking is different. You
> are correct that in most cases it does not matter. We're not talking
> about the common case, we're talking about using xattrs to store
> information that is used to make security decisions. It is quite
> difficult to make security claims when an object can be accessed
> under two different sets of semantics.

I'm sorry. Exactly _how_ are you going to prevent files from being
accessed under more than one set of semantics under NFS? You have _no_
idea what kind of security mechanisms are implemented on the client.

All you can do is export a given set of security labels and hope...

Trond
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux