Re: Security issues with local filesystem caching

[Josef Sipek]

On Thu, Oct 26, 2006 at 10:56:08AM +0100, David Howells wrote:
> Josef Sipek <jsipek@xxxxxxxxxxxxxxxxx> wrote:
...
> > I'm wondering, why don't just you duplicate all the attributes of the files
> > (including xattrs)? That would take care of most if not all the DAC/MAC
> > issues, no?
> 
> You're forgetting that the userspace cache manager daemon still has to access
> the cache.

Yeah, I did forget. Since there is a userspace daemon, it sounds like what
you're doing is right.

> > I'm thinking that it would be nice to combine the caching related security
> > code with those for stackable filesystems.
> 
> That's fine by me, though I want the security on a cache file to be different
> to that on the netfs file it's backing.

It sounds reasonable, and my guess is that chances are that the two
(stackable fs and caching) don't really overlap too much.

Josef "Jeff" Sipek.

-- 
UNIX is user-friendly ... it's just selective about who it's friends are
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/