tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Extended attributes Linux interface



On Fri, 21 Oct 2011 00:29:12 -0400
Matthew Mondor <mm_lists%pulsar-zone.net@localhost> wrote:

> If unicode strings are possible, I think that it'd be possible for a
> string to look like "system" but to actually be something else to an
> auditing administrator, unless all tools clearly showed those non-ASCII
> bytes in an escaped format.

If the above theory is true, if we eventually supported extended
permissions such as access lists, they could possibly be implemented in
a special empty string class, with a special empty string key, and a
single structured object value specifying the permissions, rather than
relying on various keys within the "system" class.

Yet ideally for performance and security, it'd be ideal if the
interface only presented integer IDs for the class, and reserved
integer key attributes for the i.e. EXTATTR_SYSTEM class (just like our
groups are really gids).  The Linux compatibility interface, if
preserved, could be oblivious to system class attributes and only be
useful for the general purpose user attributes...  The problem here
would be that user tools using only the Linux API would not be able to
backup the full state (in this case, the extended permissions,
unfortunately)...
-- 
Matt


Home | Main Index | Thread Index | Old Index