Re: [PATCH] vfs: allow copy_file_range from a swapfile

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 10, 2019 at 10:51:08PM -0400, Theodore Ts'o wrote:
> On Mon, Jun 10, 2019 at 06:16:12PM -0700, Darrick J. Wong wrote:
> > On Mon, Jun 10, 2019 at 08:26:06PM +0300, Amir Goldstein wrote:
> > > read(2) is allowed from a swapfile, so copy_file_range(2) should
> > > be allowed as well.
> > > 
> > > Reported-by: Theodore Ts'o <tytso@xxxxxxx>
> > > Fixes: 96e6e8f4a68d ("vfs: add missing checks to copy_file_range")
> > > Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
> > > ---
> > > 
> > > Darrick,
> > > 
> > > This fixes the generic/554 issue reported by Ted.
> > 
> > Frankly I think we should go the other way -- non-root doesn't get to
> > copy from or read from swap files.
> 
> The issue is that without this patch, *root* doesn't get to copy from
> swap files.  Non-root shouldn't have access via Unix permissions.  We

I'm not sure even root should have that privilege - it's a swap file,
and until you swapoff, it's owned by the kernel and we shouldn't let
backup programs copy your swapped out credit card numbers onto tape.

> could add a special case if we don't trust system administrators to be
> able to set the Unix permissions correctly, I suppose, but we don't do
> that for block devices when they are mounted....

...and administrators often mkfs over mounted filesystems because we let
them read and write block devices.  Granted I tried to fix that once and
LVM totally stopped working...

--D

> 
> 					- Ted



[Index of Archives]     [XFS Filesystem Development (older mail)]     [Linux Filesystem Development]     [Linux Audio Users]     [Yosemite Trails]     [Linux Kernel]     [Linux RAID]     [Linux SCSI]


  Powered by Linux