Re: calling ext2fs function

From: Jesse Pollard (pollard@cats-chateau.net)
Date: Mon May 08 2000 - 20:25:48 EST


On Tue, 09 May 2000, Benhanokh Gabriel wrote:
>That sounds dangerously like "security through obscurity", IMO...
>>
>> You must not expose the ability to read blocks from disk which have not
>> been either initialised to zero, or previously written. In effect, the
>> file must be a copy-on-write area of zeros. Anything else is a security
>> hole - you can read the contents of deleted files.
> I don't think it is possible; no user-space apps can access the blocks
>directly. The only way to read is calling the system call read, which checks
>the file size before reading, so if I lock the file for writing, users can read
>from it with no problem.

Reading IS where the security violation occurs. Besides, locks are not
mandatory. Even memory buffers must be initialized, otherwise you can
extract a LOT of transitory data - private SSL certificates, Kernel
data (including password file buffers)...

>> In which case, the security issue is important - you can't just restrict
>> this to kernel access only, for example.
>The allocation service is not going to be offered to user applications; I'm
>going to write it as a module, and only applications running with root
>permissions will be able to call it.
>
>> More to the point: why do you want to bypass the security system?
>Because in my case I would be paying too much for an overkill.
>Normal applications don't care about this zero stuff, since they are going to be
>overwriting it with their own data, which needs to be written to the disk,
>so it is only an extra memory copy; but in my case the data should never be
>written to the disk, so I'm paying with disk access, not in memory.

For the most part, it is zero cost (well, a single COW action, which is
quite fast as it is). If it is a disk buffer then it will (at some time)
exist on disk, or read from disk. The buffer will contain data that does
not belong to the process.

>> XFS has been released. It's not in the mainstream kernels yet, but it's
>> out there.
>From what I saw it is in a pre-beta stage, which is too early for me to
>start playing with.

XFS won't bypass security either.


-- 
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@cats-chateau.net

Any opinions expressed are solely my own.
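The point Jesse is making above is that the leak happens on the read path, not the allocation path: a block freed by deleting one file still holds that file's bytes, and unless the filesystem either zero-fills the block when it is handed out or treats an allocated-but-unwritten block as a copy-on-write area of zeros, the next owner can read the previous owner's data. The following is an added illustration written for this page, not code from the thread, from ext2 or from the Linux kernel. It models a constructed toy disk of eight 16-byte blocks (the names `disk`, `alloc_block_naive`, `alloc_block_safe`, `read_block` and the "TOPSECRET" payload are all hypothetical) and shows that a naive reuse of a freed block leaks, while either defence closes the hole.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy "disk": 8 blocks of 16 bytes (assumption, not ext2 layout). */
#define NBLOCKS 8
#define BLKSZ   16

static uint8_t disk[NBLOCKS][BLKSZ];
static bool    in_use[NBLOCKS];       /* block allocation bitmap */
static bool    initialised[NBLOCKS];  /* zeroed or written since allocation? */

static void reset_disk(void) {
    memset(disk, 0, sizeof disk);
    memset(in_use, 0, sizeof in_use);
    memset(initialised, 0, sizeof initialised);
}

/* Naive allocator: hands out the first free block and leaves its old bytes. */
static int alloc_block_naive(void) {
    for (int b = 0; b < NBLOCKS; b++)
        if (!in_use[b]) { in_use[b] = true; return b; }
    return -1;
}

/* Defence 1: zero the block before the caller ever sees it. */
static int alloc_block_safe(void) {
    int b = alloc_block_naive();
    if (b >= 0) { memset(disk[b], 0, BLKSZ); initialised[b] = true; }
    return b;
}

/* A file writes its data into a block; the block is now legitimately initialised. */
static void write_block(int blk, const char *data) {
    size_t n = strlen(data);
    memset(disk[blk], 0, BLKSZ);
    memcpy(disk[blk], data, n < BLKSZ ? n : BLKSZ);
    initialised[blk] = true;
}

/* "Deleting" a file only frees the block; the bytes stay on the toy disk,
   which is exactly how a real filesystem behaves. */
static void free_block(int blk) {
    in_use[blk] = false;
    initialised[blk] = false;
}

/* Defence 2: the read path refuses to return raw bytes from a block that has
   not been initialised since allocation and hands back zeros instead (the
   "copy-on-write area of zeros" described in the thread). */
static void read_block(int blk, uint8_t out[BLKSZ]) {
    if (blk < 0 || blk >= NBLOCKS || !in_use[blk] || !initialised[blk])
        memset(out, 0, BLKSZ);
    else
        memcpy(out, disk[blk], BLKSZ);
}

/* Scenario: file A writes a secret, is deleted, file B gets the same block and
   reads it before writing anything. Returns 1 if B can see A's secret. */
int leak_after_reuse(int zero_on_alloc, int read_checks_init) {
    uint8_t buf[BLKSZ];
    reset_disk();

    int a = alloc_block_naive();
    write_block(a, "TOPSECRET-KEY");  /* constructed sample payload */
    free_block(a);

    int b = zero_on_alloc ? alloc_block_safe() : alloc_block_naive();

    if (read_checks_init)
        read_block(b, buf);           /* checked read path */
    else
        memcpy(buf, disk[b], BLKSZ);  /* raw read straight from the block */

    return memcmp(buf, "TOPSECRET", 9) == 0;
}

int main(void) {
    printf("no defence        : leak=%d\n", leak_after_reuse(0, 0));
    printf("zero on alloc     : leak=%d\n", leak_after_reuse(1, 0));
    printf("read checks init  : leak=%d\n", leak_after_reuse(0, 1));
    printf("both defences     : leak=%d\n", leak_after_reuse(1, 1));
    return 0;
}
```

The "allocate without zeroing, rely on applications to overwrite" scheme proposed in the quoted mail is the `leak_after_reuse(0, 0)` row: it is the only combination in which the new owner sees the old file's bytes, and the root-only module requirement does nothing about it, because the block contents end up readable through the ordinary file the module allocated.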

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:12 EST