Extended attributes Linux interface

To: tech-kern%netbsd.org@localhost
Subject: Extended attributes Linux interface
From: Matthew Mondor <mm_lists%pulsar-zone.net@localhost>
Date: Fri, 21 Oct 2011 00:29:12 -0400

Hello,

There were previously discussions, started by Emmanuel, concerning the
extended attributes, including on the various available APIs and which
to support etc.

At the time I read them I was catching up with a lot of mail and had
written down a small note about a potential security implication that
crossed my mind if we used the Linux interface.  Perhaps someone can
(dis)confirm:

Strings are used instead of IDs to distinguish the class of an extended
attribute, i.e. "system" etc.  My question is then: must those be
limited to ASCII or can they support arbitrary bytes, or UTF-8?

If unicode strings are possible, I think that it'd be possible for a
string to look like "system" but to actually be something else to an
auditing administrator, unless all tools clearly showed those non-ASCII
bytes in an escaped format.

Of course, if the kernel wanted to match "system", it wouldn't match
then, but the fact that it may _appear_ to be correct to an admin may
introduce a security issue if extended permissions were ever
implemented on top of that system.  Perhaps that this problem could
also exist with the key names in case they're part of permission
descriptions?

Thanks,
-- 
Matt

Follow-Ups:
- Re: Extended attributes Linux interface
  - From: Emmanuel Dreyfus
- Re: Extended attributes Linux interface
  - From: Matthew Mondor

Prev by Date: Re: fs-independent quotas
Next by Date: Re: fs-independent quotas
Previous by Thread: proposed additions to sys/conf/std
Next by Thread: Re: Extended attributes Linux interface
Indexes:

Home | Main Index | Thread Index | Old Index