diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2019-12-08 01:59:25 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2019-12-08 01:59:25 +0100 |
commit | 316933cf74b07c6fedcbb0de4564af82f0820a43 (patch) | |
tree | e29b35a0275d68b04a638abbcf231cb1e671d2a2 /fs/xfs | |
parent | Merge tag 'nfsd-5.5' of git://linux-nfs.org/~bfields/linux (diff) | |
parent | orangefs: posix open permission checking... (diff) | |
download | linux-316933cf74b07c6fedcbb0de4564af82f0820a43.tar.xz linux-316933cf74b07c6fedcbb0de4564af82f0820a43.zip |
Merge tag 'for-linus-5.5-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux
Pull orangefs update from Mike Marshall:
"orangefs: posix open permission checking...
Orangefs has no open, and orangefs checks file permissions on each
file access. Posix requires that file permissions be checked on open
and nowhere else. Orangefs-through-the-kernel needs to seem posix
compliant.
The VFS opens files, even if the filesystem provides no method. We can
see if a file was successfully opened for read and or for write by
looking at file->f_mode.
When writes are flowing from the page cache, file is no longer
available. We can trust the VFS to have checked file->f_mode before
writing to the page cache.
The mode of a file might change between when it is opened and IO
commences, or it might be created with an arbitrary mode.
We'll make sure we don't hit EACCES during the IO stage by using
UID 0"
[ This is "posixish", but not a great solution in the long run, since a
proper secure network server shouldn't really trust the client like this.
But proper and secure POSIX behavior requires an open method and a
resulting cookie for IO of some kind, or similar. - Linus ]
* tag 'for-linus-5.5-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
orangefs: posix open permission checking...
Diffstat (limited to 'fs/xfs')
0 files changed, 0 insertions, 0 deletions