Date: Fri, 7 Nov 2008 16:05:44 +0100
From: Edward Tomasz Napierala
To: Ceri Davies
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: Directory rename semantics.
Message-ID: <20081107150544.GA12290@pin.if.uz.zgora.pl>

On 1107T1110, Ceri Davies wrote:
> > > After discussion about this with rwatson and pjd, I decided to do
> > > the opposite: change ZFS behaviour to match UFS. Reason is simple:
> > > this is security, and we want to be conservative here. It's impossible
> > > to make sure this change wouldn't cause security problems.
> >
> > Perhaps it would have been better to either do nothing or create a zfs
> > property that toggled this behaviour so that people who expect ZFS to
> > behave a certain way get it. I'm not sure why we would want all
> > filesystems to behave the same way, to be honest.

Because of consistency. Having different access rights behaviour in
different filesystems under the same operating system is confusing.

> I'm essentially unhappy here that a change to UFS which is local to us
> was considered important enough to ask -arch about, while ZFS which
> exists on at least two other operating systems was deemed fine to go
> ahead and change without review.

The change to UFS changes behaviour that 'was always there'. Also, it
changes the behaviour to more permissive. On the other hand, the change
to ZFS is just another fix to make its semantics match ours. Not the
first one - our ZFS behaves differently from ZFS under SunOS in other
places, e.g. newly created files inherit their group from the parent
directory. Also, the change makes it more restrictive.

Sure, I can make it controllable via sysctl or a property. However, that
would increase complexity - and the risk of security problems - even
more, for very little in return (how many people actually _know_ about
this check?).

Also, it _was_ reviewed. Just not here. ;-)

-- 
If you cut off my head, what would I say? Me and my head, or me and my body?