Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pinning semantics are different than on Linux #3737

Open
lmb opened this issue Jul 30, 2024 · 1 comment
Open

Pinning semantics are different than on Linux #3737

lmb opened this issue Jul 30, 2024 · 1 comment
Assignees
@matthewige
Labels
enhancement New feature or request P2 triaged Discussed in a triage meeting
Milestone
Backlog

Comments

@lmb
Copy link
Contributor

lmb commented Jul 30, 2024

Describe the bug

As far as I can tell pinning is implemented in the driver, by keeping a global hash table mapping strings to handles. Removing a pin is calling the same function with INVALID_HANDLE and the string you want to unpin.

  • The string is treated as being utf8 encoded. Filesystem paths on Linux are not required to be utf8. They are just a bag of bytes (without any 0 in it though).
  • Any application / user can unpin any handle. On Linux unpinning is subject to file access controls, which usually means that you have to be the same user. This is bad when an application relies on pinning to ensure that enforcement programs stay active during a restart for example.

OS information

No response

Steps taken to reproduce bug

Roughly (this is just based on reading the source code):

  • Pin "abcd" from app A
  • Unpin "abcd" from app B

Expected behavior

The call to unpin from app B should fail.

Actual outcome

The call to unpin from app B doesn't fail.

Additional details

No response
@lmb lmb added the bug Something isn't working label Jul 30, 2024
@shankarseal
Copy link
Collaborator

Right now since only administrators have privilege to pinning APIs, there is no real security boundary between two applications, and the current behavior is by design.

This is a feature request to apply per-user ACL for pinned objects.

@shankarseal shankarseal added P2 enhancement New feature or request triaged Discussed in a triage meeting labels Aug 5, 2024
@shankarseal shankarseal added this to the Backlog milestone Aug 5, 2024
@shankarseal shankarseal removed the bug Something isn't working label Aug 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@matthewige matthewige

Labels
enhancement New feature or request P2 triaged Discussed in a triage meeting
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@lmb @matthewige @shankarseal