This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Extended file stat: Splitting file- and fs-specific info?
- From: Christoph Hellwig <hch at infradead dot org>
- To: David Howells <dhowells at redhat dot com>
- Cc: Dave Chinner <david at fromorbit dot com>, adilger at dilger dot ca,bfields at fieldses dot org, smfrench at gmail dot com, ben at decadent dot org dot uk,Trond dot Myklebust at netapp dot com, roland at hack dot frob dot com, jra at samba dot org,bernd dot schubert at itwm dot fraunhofer dot de, linux-fsdevel at vger dot kernel dot org,linux-nfs at vger dot kernel dot org, linux-cifs at vger dot kernel dot org,samba-technical at lists dot samba dot org, linux-ext4 at vger dot kernel dot org,linux-api at vger dot kernel dot org, libc-alpha at sourceware dot org
- Date: Wed, 9 May 2012 07:19:58 -0400
- Subject: Re: Extended file stat: Splitting file- and fs-specific info?
- References: <20120509002420.GL5091@dastard><20120419140558.17272.74360.stgit@warthog.procyon.org.uk><16281.1336508382@redhat.com><20170.1336555274@redhat.com>
On Wed, May 09, 2012 at 10:21:14AM +0100, David Howells wrote:
> Dave Chinner <david@fromorbit.com> wrote:
>
> > I don't think we want to expose the inode generation numbers. It is
> > trivial to construct NFS file handles (usually just fsid, inode
> > number and generation) with that information and hence bypass
> > security checks to access files.
>
> I was asked for it by Bernd Schubert for userspace NFS servers and FUSE -
> maybe he can say what he wants it for.
It's entirely broken, as a generation number might be part of the file
handle (and for Linux-like filesystems normally is), but it's entirely
up to the filesystem to decide how it works. That's why we added system
calls to do operations on opaque file handles that the file system
controls. Exposing a completely meaningless "generation" is a bad idea.