[PATCH] vfs module for VxFS
abartlet at samba.org
Tue Sep 2 16:36:35 MDT 2014
On Tue, 2014-09-02 at 07:32 -0700, Richard Sharpe wrote:
> On Mon, Sep 1, 2014 at 9:24 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> > On Mon, 2014-09-01 at 18:44 -0700, Jeremy Allison wrote:
> >> On Tue, Sep 02, 2014 at 11:52:49AM +1200, Andrew Bartlett wrote:
> >> >
> >> > The concern I have is that Samba can permit access to extended
> >> > attributes directly. You have to ban them in samba_private_attr_name()
> >> > in source3/smbd/trans2.c.
> There is another issue here as well, which is that Samba is not
> flexible enough, IMO, in those cases where the OS or the FS does not
> support separate SYSTEM and USER name spaces.
> Then, all the xattrs have to be collapsed into one name space.
> A trick I have used before is to prefix SAMBA xattrs with something
> like .samba: but that requires more flexibility in the filtering.
Samba uses the different namespaces because they have different security
properties, which is the point I've been trying to make here. We
certainly could use the user namespace, but the only way we could do so
with confidence in the security of the outcome (in the general case) is
to digitally sign all our 'system' extended attributes.
In the not-general case, simple mappings may be secure in very specific
configurations, but it would have to be described as fragile at best.
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical