Re: [PATCH 0/3] Add O_DENY* flags to fcntl and cifs

From: J. Bruce Fields
Date: Mon Dec 10 2012 - 11:41:15 EST

Next message: Don Zickus: "Re: [RFC][PATCH] pstore: Skip spinlock when just one cpu is online"
Previous message: Johannes Weiner: "Re: kswapd craziness in 3.7"
Next in thread: Jeff Layton: "Re: [PATCH 0/3] Add O_DENY* flags to fcntl and cifs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Dec 08, 2012 at 12:43:14AM +0400, Pavel Shilovsky wrote:
> The problem is the possibility of denial-of-service attacks here. We
> can try to prevent them by:
> 1) specifying an extra security bit on the file that indicates that
> share flags are accepted (like we have for mandatory locks now) and
> setting it for neccessary files only, or
> 2) adding a special mount option (but it it probably makes sense if
> we decided to add this support for CIFS and NFS only).

In the case of knfsd and samba exporting a common filesystem, you'd also
want to be able to enforce it on the exported filesystem.

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Don Zickus: "Re: [RFC][PATCH] pstore: Skip spinlock when just one cpu is online"
Previous message: Johannes Weiner: "Re: kswapd craziness in 3.7"
Next in thread: Jeff Layton: "Re: [PATCH 0/3] Add O_DENY* flags to fcntl and cifs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]