| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 Jun 2009 13:26:37 -0400 From: Eric Paris <eparis@...hat.com> To: Valdis.Kletnieks@...edu Cc: linux-kernel@...r.kernel.org, malware-list@...sg.printk.net Subject: Re: fanotify: the fscking all notification system On Tue, 2009-06-30 at 09:22 -0400, Valdis.Kletnieks@...edu wrote: > On Mon, 29 Jun 2009 16:08:45 EDT, Eric Paris said: > > > fanotify provides two things: > > 1) a new notification system, sorta like inotify, only instead of an > > arbitrary 'watch descriptor' which userspace has to know how to map back > > to an object on the filesystem, fanotify provides an open read-only fd > > back to the original object. It should be noted that the set of > > fanotify events is much smaller than the set of inotify events. > > > > 2) an access system in which processes may be blocked until the fanotify > > userspace listener has decided if the operation should be allowed. > > I don't care much about virus scanners - but some of us with petabytes of > disk space to manage could use tis for HSM applications. The HSM daemon > could fanotify on the file, notice that the file accessed referred to a > special "I've been archived" stub/token, and put the file back before > giving the go-ahead to the process. > > The only sticky question - does this happen early enough that the accessing > process, when un-blocked, will continue through open() and get the *new* > version of the newly restored file? Yes. Although it going to take just a tiny bit of work from me and you are limited in how to use it. You'll need to request FAN_OPEN_PERM on the file in question. When the file is opened you will need to bring in all the data and write all that data into the file. There is no mechanism to only bring in a piece of a file since you have no way of knowing what exactly the requesting process is requesting. So it's a whole file or nothing type of deal. Current problems: 1) the fd the fanotify listener gets is O_RDONLY. I think I'll add an "f_flags" option which if 0 defaults to O_RDONLY|O_LARGEFILE like we have today but which you could use to indicate O_RDWR or O_WRONLY. We currently give O_RDONLY since you can't request O_WR* on files/libraries mapped exec, so this won't work for executables..... 2) Right now you have 5 seconds to answer an fanotify permissions request, if you don't get it in 5 seconds you are done and the original process gets an allow. But I have a half finished patch which would allow you to delay them infinitely. As long as you keep them delayed you can modify the file they are about to access however you like. You can not rename over the fd you are given, you have to actually copy the data into that fd, since the inode behind the fd you got from fanotify is the same inode the original process is going to get access to after your listener sends an allow. This sound good to you? I don't know your details, but I believe that fanotify directed mode with access permissions is going to be almost exactly what you want.... -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists