| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 Aug 2009 12:27:48 -0400 From: Eric Paris <eparis@...hat.com> To: Tvrtko Ursulin <tvrtko.ursulin@...hos.com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, "malware-list@...sg.printk.net" <malware-list@...sg.printk.net>, "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>, "greg@...ah.com" <greg@...ah.com>, "jcm@...hat.com" <jcm@...hat.com>, Douglas Leeder <douglas.leeder@...hos.com>, "tytso@....edu" <tytso@....edu>, "arjan@...radead.org" <arjan@...radead.org>, "david@...g.hm" <david@...g.hm>, "jengelh@...ozas.de" <jengelh@...ozas.de>, "aviro@...hat.com" <aviro@...hat.com>, "mrkafk@...il.com" <mrkafk@...il.com>, "alexl@...hat.com" <alexl@...hat.com>, "jack@...e.cz" <jack@...e.cz>, "a.p.zijlstra@...llo.nl" <a.p.zijlstra@...llo.nl>, "hch@...radead.org" <hch@...radead.org>, "alan@...rguk.ukuu.org.uk" <alan@...rguk.ukuu.org.uk>, "mmorley@....in" <mmorley@....in>, "pavel@...e.cz" <pavel@...e.cz> Subject: Re: fanotify - overall design before I start sending patches On Tue, 2009-08-04 at 17:09 +0100, Tvrtko Ursulin wrote: > Hi Eric, all, > > On Friday 24 July 2009 21:13:49 Eric Paris wrote: > > If a FAN_ACCESS_PERM or FAN_OPEN_PERM event is received the listener > > must send a response before the 5 second timeout. If no response is > > sent before the 5 second timeout the original operation is allowed. If > > this happens too many times (10 in a row) the fanotify group is evicted > > from the kernel and will not get any new events. Sending a response is > > Would it make more sense to deny on timeouts and then evict? I am thinking it > would be more secure with no significant drawbacks. Also for usages like HSM > allowing it without data being in place might present wrong content to the > user. I'd be willing to go that route as long as noone else complains. > > The only other current interface is the ability to ignore events by > > superblock magic number. This makes it easy to ignore all events > > in /proc which can be difficult to accomplish firing FANOTIFY_SET_MARK > > with ignored_masks over and over as processes are created and destroyed. > > Just to double-check, that would also work for any other filesystem and is > controllable from userspace? Yes you set these in userspace using setsockopt(). It is based on superblock magic number as found in linux/magic.h. So one could exclude, procfs, sysfs, selinuxfs, etc. It does not provide a way to say 'this ext3 filesystem but not that ext3 filesystem' as ext3 has a single magic number. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists