[PATCH 0/3] Add O_DENY* flags to fcntl and cifs
alan at lxorguk.ukuu.org.uk
Thu Dec 6 13:49:49 CST 2012
On Thu, 6 Dec 2012 22:26:28 +0400
Pavel Shilovsky <piastry at etersoft.ru> wrote:
> Network filesystems CIFS, SMB2.0, SMB3.0 and NFSv4 have such flags - this change can benefit cifs and nfs modules. While this change is ok for network filesystems, itsn't not targeted for local filesystems due security problems (e.g. when a user process can deny root to delete a file).
If I have my root fs on NFS then the same applies does it not.
Your patches fail to describe the security semantics and what file rights
I must have to apply each option. How do I track down a lock user, what
tools are provided ? How do the new options interact with the security
I don't have a problem with the idea, but it needs a lot more clear
description of how it works so the model can be checked and if need be
things tweaked (eg needing write to denywrite etc)
More information about the wine-devel