Re: DoS with POSIX file locks?

[Trond Myklebust]

On Mon, 2006-03-20 at 08:32 -0700, Matthew Wilcox wrote:
> On Mon, Mar 20, 2006 at 01:52:39PM +0100, Miklos Szeredi wrote:
> > Things look fairly straightforward if the accounting is done in
> > files_struct instead of task_struct.  At least for POSIX locks.  I
> > haven't looked at flocks or leases yet.
> 
> I was thinking that would work, yes.  It might not be worth worrying
> about accounting for leases/flocks since each process can only have one
> of those per open file anyway.
> 
> > steal_locks() might cause problems, but that function should be gotten
> > rid of anyway.
> 
> I quite agree.  Now we need to find a better way to solve the problem it
> papers over.

The _only_ sane way to solve it is to decree that you lose your locks if
you clone(CLONE_FILES) and then call exec(). If there are any
applications out there that rely on the current behaviour, then they are
doomed anyway since there is no way to implement it safely on non-local
filesystems.

Cheers,
  Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/