Thread: 9 messages, 4 authors, 2017-05-10

Re: [PATCH] ioctl_getfsmap.2: document the GETFSMAP ioctl

From: Jann Horn <jannh@google.com>
Date: 2017-05-08 18:48:18
Also in: linux-ext4, linux-fsdevel, linux-man, linux-xfs

On Mon, May 8, 2017 at 8:41 PM, Darrick J. Wong [off-list ref] wrote:
> On Mon, May 08, 2017 at 12:17:53AM +0200, Jann Horn wrote:
>> On Sun, May 7, 2017 at 5:58 PM, Darrick J. Wong [off-list ref] wrote:
>>> Document the new GETFSMAP ioctl that returns the physical layout of a
>>> (disk-based) filesystem.
>> [...]
>> Also: From a quick glance at the XFS implementation, I don't see any
>> privilege checks. Am I missing something, or does this API permit an
>> unprivileged user to determine the number of physical blocks allocated
>> for any inode, even for inodes the user can't ordinarily see in any
>> way?
>
> Correct.

What's your reasoning for why this doesn't create any new potential
security issues? For example, as far as I can tell, this would permit
an unprivileged user to determine with high probability whether a set
of large files with known sizes is stored anywhere in the filesystem, even
across containers or so.