>> Personally, I see that behaviour as a serious bug in the current
>> code, as only names that are actually visible should have any
>> affect. OK, there may be names that are invisible that get
>> labelled as illegal, and I see no problem with that, but any
>> other behaviour for names that are not visible is at best a
>> security problem and at worst a disaster waiting to happen.
> Twice now you've asserted without warrant that some unexpected
> FAT behavior is a security issue.
I've asserted CORRECTLY that certain faulty VFAT behaviour is a
security issue. I've made no claims whatsoever about FAT behaviour,
since the said issue doesn't exist in any of the FAT based fs's other
than VFAT.
> It isn't. It's a "if you don't know what you're doing, you can
> fuck up really bad" issue, but not a security one.
So if one installs Linux with a VFAT partition for the root directory,
one won't have any security problems? If you believe that, then I've
500 acres of prime farmland in the middle of the Sahara desert that
you're sure to be interested in!!!
> Now I grant that a confusing scheme like this is probably bad...
> I think we agree there. I think that long names should be the
> only ones available in a vfat-mounted fs, and that short names
> should only be used to fail creation of other files by that
> name. But the reason isn't security. It's principle of least
> surprise, consistency, and five million other things.
If you wish to waffle about why acknowledged security issues aren't
security issues, you have that right. Just don't expect any sane
person to pay much attention.
> If you can present a security issue here... a way that an
> intruder could exploit that situation to cause root to
> accidentally delete files (barring of course, an intruder with
> root access who coulda done it anyway) that I'll eat my words
> and agree that there's a security issue there. Until then, you
> are just confusing the matter.
If you want to restrict "security issues" to just one aspect thereof,
again, you have the right. Deletion of files is probably the LEAST
worrysome security issue though. I for one would be far more worried
about people READING files they shouldn't than about them DELETING
files, since several of the systems I maintain contain lots of stuff
that falls in the "Highly Confidential" category.
Since you've made it quite clear that you intend to keep redefining
terms so you can deny the truth, I won't waste any more of my time
responding to your comments...
Best wishes from Riley.
+----------------------------------------------------------------------+
| There is something frustrating about the quality and speed of Linux |
| development, ie., the quality is too high and the speed is too high, |
| in other words, I can implement this XXXX feature, but I bet someone |
| else has already done so and is just about to release their patch. |
+----------------------------------------------------------------------+
* ftp://ftp.MemAlpha.cx/pub/rhw/Linux
* http://www.MemAlpha.cx/kernel.versions.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/