1. Field of the Invention
This invention relates to computer systems and, more particularly, to file-based storage systems.
2. Description of the Related Art
Computer systems often process large quantities of information, including application data and executable code configured to process such data. In numerous embodiments, computer systems provide various types of mass storage devices configured to store data, such as magnetic and optical disk drives, tape drives, etc. To provide a regular and systematic interface through which to access their stored data, such storage devices are frequently organized into hierarchies of files by software such as an operating system, or a file system included within or configured to interface with an operating system. Often a file defines a minimum level of data granularity that a user can manipulate within a storage device, although various applications and operating system processes may operate on data within a file at a lower level of granularity than the entire file.
In some file-based computer systems, various types of information about files, also referred to as metadata, may be stored in addition to the files themselves. Various file system interfaces, such as application programming interfaces (APIs), may be provided to allow users to access files and metadata. In some instances, these interfaces may support various security features with respect to files and metadata, such that different users may have different privileges with respect to different data. For example, a file system may distinguish between a file owner and a non-owner, allowing the owner to perform certain operations that non-owners may not (e.g., modification or deletion of the owned file).
In some computer system embodiments, additional paths for accessing file system data or metadata may be provided externally to the file system. For example, a separate query system may be provided to allow file data or metadata to be queried according to a query language. However, such alternate paths for accessing file system data or metadata are typically not subject to the security features imposed by the file system. Consequently, the security of file system contents may be compromised. For example, if a query system does not recognize a file owner vs. non-owner distinction established by a file system, a non-owner of a given file may be able to exploit the contents of the file via the query system (e.g., to read or modify file contents) in a way that would be disallowed by the file system. Such security discrepancies may lead to a compromise in computer system integrity, data corruption or theft, or other deleterious consequences.
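The discrepancy described above can be shown with a small model. This is an added illustration, not code from the patent: the classes FileSystem and QuerySystem, the users, and the file paths are all hypothetical. It shows a query path that ignores the owner/non-owner distinction next to one that defers to the file system's own access decision.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class File:
    path: str
    owner: str
    other_readable: bool  # may non-owners read this file?
    content: str

class FileSystem:
    """Toy file system whose read API enforces owner vs. non-owner."""
    def __init__(self, files):
        self._files = {f.path: f for f in files}

    def may_read(self, user, path):
        f = self._files[path]
        return user == f.owner or f.other_readable

    def read(self, user, path):
        if not self.may_read(user, path):
            raise PermissionError(f"{user} may not read {path}")
        return self._files[path].content

    def all_files(self):
        # Privileged enumeration, as an indexing service would perform.
        return list(self._files.values())

class QuerySystem:
    """Separate access path: a content index built with indexer privileges."""
    def __init__(self, fs):
        self._fs = fs
        self._index = {f.path: f.content for f in fs.all_files()}

    def query_unchecked(self, user, term):
        # Discrepancy: the caller's identity is never consulted.
        return {p: c for p, c in self._index.items() if term in c}

    def query_checked(self, user, term):
        # Every hit is filtered through the file system's own decision.
        return {p: c for p, c in self._index.items()
                if term in c and self._fs.may_read(user, p)}

# Constructed sample data (hypothetical users and paths).
FS = FileSystem([
    File("/home/alice/payroll.txt", "alice", False, "salary table 2024"),
    File("/srv/pub/notice.txt", "alice", True, "salary review dates"),
])
QS = QuerySystem(FS)
```

For the non-owner "bob", query_unchecked returns the contents of both files even though FS.read refuses the first one, while query_checked returns only the file that the file system itself would let him read.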