[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-fsdevel
Subject:    RE: [PATCH] backout the xattr override access checks flag
From:       Luka Renko <luka.renko () hermes ! si>
Date:       2003-02-23 19:28:23
[Download RAW message or body]

On Friday, February 21, 2003 16:59 Christoph Hellwig wrote:
> On Fri, Feb 21, 2003 at 01:50:33PM +0100, Luka Renko wrote:
> > I would agree with Andreas that temporarily raising 
> capabilities for 
> > process by kernel module is probably not a good thing. I 
> think having 
> > the flag (that cannot be passed from user space) is better.
> 
> So could you please explain why this is better in your eyes? 

I have concerns with kernel module temporarly changing capabilities of a
user process, however I am not sure if this is really the problem. I was
thinking in terms of SMP/preempt (EA calls can/will go to sleep) and
considering that this might be a security problem, however since we are
changing it per process it should probably be OK.
If just EA calls have mode to allow "kernel context" access it for sure does
not have as wide impact as temporary change of process capabilities... But I
agree with you that it is "yet-another-special-case"...

Regards,
Luka
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]