FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 01-06-2009, 09:13 PM
Jim Lieb
 
Default LP #220658 stat broken for CIFS filesystem

This is a regression from 7.10 and other linux CIFS clients.

This patch enables CONFIG_CIFS_XATTR and CONFIG_CIFS_POSIX to
change the protocol options to request Posix functionality.
7.10 and other Linux distros such as Fedora enable these options in order
to allow full UNIX f/s functionality between Linux client/server(s). See the
commit comments for the details.

This patch applies to Intrepid.

Proposing for SRU to Intrepid and Jaunty.
--
Jim Lieb
Ubuntu Kernel Team
Canonical Ltd.
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 01-07-2009, 02:35 PM
Tim Gardner
 
Default LP #220658 stat broken for CIFS filesystem

Jim Lieb wrote:
> This is a regression from 7.10 and other linux CIFS clients.
>
> This patch enables CONFIG_CIFS_XATTR and CONFIG_CIFS_POSIX to
> change the protocol options to request Posix functionality.
> 7.10 and other Linux distros such as Fedora enable these options in order
> to allow full UNIX f/s functionality between Linux client/server(s). See the
> commit comments for the details.
>
> This patch applies to Intrepid.
>
> Proposing for SRU to Intrepid and Jaunty.
>

ACK - though I suspect Stefan would prefer to wait until the current
Intrepid kernel is promoted to -updates. Furthermore, I don't think its
fair to say that this is a regression from 7.10. As far as I can tell,
no Ubuntu release (7.10 or otherwise) has enabled CIFS_XATTR.

You'll want to engage at least Steve Langasek as he seems to be quite
interested in Samba issues.

rtg
--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 01-07-2009, 02:43 PM
Stefan Bader
 
Default LP #220658 stat broken for CIFS filesystem

Tim Gardner wrote:
> Jim Lieb wrote:
>> This is a regression from 7.10 and other linux CIFS clients.
>>
>> This patch enables CONFIG_CIFS_XATTR and CONFIG_CIFS_POSIX to
>> change the protocol options to request Posix functionality.
>> 7.10 and other Linux distros such as Fedora enable these options in order
>> to allow full UNIX f/s functionality between Linux client/server(s). See the
>> commit comments for the details.
>>
>> This patch applies to Intrepid.
>>
>> Proposing for SRU to Intrepid and Jaunty.
>>
>
> ACK - though I suspect Stefan would prefer to wait until the current

Yes, hopefully this won't be long but I'll get back as soon as I am done there.

> Intrepid kernel is promoted to -updates. Furthermore, I don't think its
> fair to say that this is a regression from 7.10. As far as I can tell,
> no Ubuntu release (7.10 or otherwise) has enabled CIFS_XATTR.
>
> You'll want to engage at least Steve Langasek as he seems to be quite
> interested in Samba issues.
>
> rtg


--

When all other means of communication fail, try words!



--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 01-07-2009, 05:07 PM
Steve Langasek
 
Default LP #220658 stat broken for CIFS filesystem

On Wed, Jan 07, 2009 at 08:35:19AM -0700, Tim Gardner wrote:
> Jim Lieb wrote:
> > This is a regression from 7.10 and other linux CIFS clients.

> > This patch enables CONFIG_CIFS_XATTR and CONFIG_CIFS_POSIX to
> > change the protocol options to request Posix functionality.
> > 7.10 and other Linux distros such as Fedora enable these options in order
> > to allow full UNIX f/s functionality between Linux client/server(s). See the
> > commit comments for the details.

> > This patch applies to Intrepid.

> > Proposing for SRU to Intrepid and Jaunty.

> ACK - though I suspect Stefan would prefer to wait until the current
> Intrepid kernel is promoted to -updates. Furthermore, I don't think its
> fair to say that this is a regression from 7.10. As far as I can tell,
> no Ubuntu release (7.10 or otherwise) has enabled CIFS_XATTR.

> You'll want to engage at least Steve Langasek as he seems to be quite
> interested in Samba issues.

Hmm, TTBOMK the CIFS_XATTR option is new functionality in the cifs driver
that postdates Ubuntu 7.10. It may be a regression in the sense that 7.10
still supported smbfs and smbfs may have implemented this, but that's not a
direct regression in the cifs driver itself.

I am wary of changing these options in an SRU though, because I have seen
reports from Debian kernels of roughly the same vintage that there's no way
on the client side to down-negotiate to not use POSIX passthrough semantics,
which is sometimes what's called for. Basically, enabling these options
could represent a security-related regression for users who are already
happily using the current settings.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 01-07-2009, 05:36 PM
Tim Gardner
 
Default LP #220658 stat broken for CIFS filesystem

Steve Langasek wrote:
> On Wed, Jan 07, 2009 at 08:35:19AM -0700, Tim Gardner wrote:
>> Jim Lieb wrote:
>>> This is a regression from 7.10 and other linux CIFS clients.
>
>>> This patch enables CONFIG_CIFS_XATTR and CONFIG_CIFS_POSIX to
>>> change the protocol options to request Posix functionality.
>>> 7.10 and other Linux distros such as Fedora enable these options in order
>>> to allow full UNIX f/s functionality between Linux client/server(s). See the
>>> commit comments for the details.
>
>>> This patch applies to Intrepid.
>
>>> Proposing for SRU to Intrepid and Jaunty.
>
>> ACK - though I suspect Stefan would prefer to wait until the current
>> Intrepid kernel is promoted to -updates. Furthermore, I don't think its
>> fair to say that this is a regression from 7.10. As far as I can tell,
>> no Ubuntu release (7.10 or otherwise) has enabled CIFS_XATTR.
>
>> You'll want to engage at least Steve Langasek as he seems to be quite
>> interested in Samba issues.
>
> Hmm, TTBOMK the CIFS_XATTR option is new functionality in the cifs driver
> that postdates Ubuntu 7.10. It may be a regression in the sense that 7.10
> still supported smbfs and smbfs may have implemented this, but that's not a
> direct regression in the cifs driver itself.
>
> I am wary of changing these options in an SRU though, because I have seen
> reports from Debian kernels of roughly the same vintage that there's no way
> on the client side to down-negotiate to not use POSIX passthrough semantics,
> which is sometimes what's called for. Basically, enabling these options
> could represent a security-related regression for users who are already
> happily using the current settings.
>

What do you think about doing this for Jaunty?

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 01-07-2009, 05:44 PM
Jim Lieb
 
Default LP #220658 stat broken for CIFS filesystem

On Wednesday 07 January 2009 10:07:10 Steve Langasek wrote:
> On Wed, Jan 07, 2009 at 08:35:19AM -0700, Tim Gardner wrote:
> > Jim Lieb wrote:
> > > This is a regression from 7.10 and other linux CIFS clients.
> > >
> > > This patch enables CONFIG_CIFS_XATTR and CONFIG_CIFS_POSIX to
> > > change the protocol options to request Posix functionality.
> > > 7.10 and other Linux distros such as Fedora enable these options in
> > > order to allow full UNIX f/s functionality between Linux
> > > client/server(s). See the commit comments for the details.
> > >
> > > This patch applies to Intrepid.
> > >
> > > Proposing for SRU to Intrepid and Jaunty.
> >
> > ACK - though I suspect Stefan would prefer to wait until the current
> > Intrepid kernel is promoted to -updates. Furthermore, I don't think its
> > fair to say that this is a regression from 7.10. As far as I can tell,
> > no Ubuntu release (7.10 or otherwise) has enabled CIFS_XATTR.
> >
> > You'll want to engage at least Steve Langasek as he seems to be quite
> > interested in Samba issues.
>
> Hmm, TTBOMK the CIFS_XATTR option is new functionality in the cifs driver
> that postdates Ubuntu 7.10. It may be a regression in the sense that 7.10
> still supported smbfs and smbfs may have implemented this, but that's not a
> direct regression in the cifs driver itself.
>
> I am wary of changing these options in an SRU though, because I have seen
> reports from Debian kernels of roughly the same vintage that there's no way
> on the client side to down-negotiate to not use POSIX passthrough
> semantics, which is sometimes what's called for. Basically, enabling these
> options could represent a security-related regression for users who are
> already happily using the current settings.
How is this a security related issue? Posix semantics mean case sensitivity
and attributes (if used), something that UNIX/Linux programs expect. Are
there use cases we can enumerate where security is an issue? These need
to be well documented if we are to be at variance with other enterprise
distros.
--
Jim Lieb
Ubuntu Kernel Team
Canonical Ltd.

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 01-07-2009, 08:01 PM
Steve Langasek
 
Default LP #220658 stat broken for CIFS filesystem

On Wed, Jan 07, 2009 at 11:36:37AM -0700, Tim Gardner wrote:
> > I am wary of changing these options in an SRU though, because I have seen
> > reports from Debian kernels of roughly the same vintage that there's no way
> > on the client side to down-negotiate to not use POSIX passthrough semantics,
> > which is sometimes what's called for. Basically, enabling these options
> > could represent a security-related regression for users who are already
> > happily using the current settings.

> What do you think about doing this for Jaunty?

Should absolutely be appropriate.

On Wed, Jan 07, 2009 at 10:44:50AM -0800, Jim Lieb wrote:
> How is this a security related issue? Posix semantics mean case sensitivity
> and attributes (if used), something that UNIX/Linux programs expect. Are
> there use cases we can enumerate where security is an issue? These need
> to be well documented if we are to be at variance with other enterprise
> distros.

The trouble is that "POSIX semantics" *also* mean file ownership and mode.
I have seen a number of bug reports to the effect that, if you have POSIX
extensions enabled, it's very difficult to get the kernel cifs client to
*not* pass the server-side permissions through. If POSIX extensions are
completely disabled on the client in intrepid, and we turn them on, suddenly
users are going to find their kernel trusting the server's notion of user
permissions where before they were specified at mount time.

Ideally, it should be possble to toggle the use of POSIX semantics both
per-client (via /proc/fs/cifs, for example) and per-mount, and we should
have a userspace policy that prohibits enabling passthrough of POSIX perms
for mounts by untrusted users. In practice I don't think we have that
working; that would be a bug, but it's one that implies a major risk of
regression for enabling CONFIG_CIFS_POSIX.

Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 04:07 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org