| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Sep 2009 00:56:15 +0100 From: Jamie Lokier <jamie@...reable.org> To: Andreas Gruenbacher <agruen@...e.de> Cc: Eric Paris <eparis@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Evgeniy Polyakov <zbr@...emap.net>, David Miller <davem@...emloft.net>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, netdev@...r.kernel.org, viro@...iv.linux.org.uk, alan@...ux.intel.com, hch@...radead.org Subject: Re: fanotify as syscalls Andreas Gruenbacher wrote: > If the antimalware vendors want to base their decisions on pathnames then > that's their decision, and they can check /proc/self/fd/N. Race hazards and loopholes. It doesn't work. > Waiting for your code to demonstrate; an object based cache (e.g., > st_dev + st_ino) rather than a pathname based cache would seem more > reasonable. Nearly everything that people do with files involves paths. The point is to cache what people (or their programs) do. Apache does not consult inodes by number, and rsync does not write inodes by number :-) Yes, to the code... > > > but I see no need for access decisions on them. > > > > Please excuse me; I'm a bit confused. Is fanotify intended just for > > use by access decision programs, or is the plan now for it to also be > > a replacement for inotify? I'm getting conflicting signals about > > that. > > Inotify doesn't support access decisions. So where's the problem with > having "notify only" events for directory / mount / unmount events? No problem here. You seemed to be saying you want to add directory events to fanotify. But if fanotify is only intended for access decisions? Something I must have misunderstood in that. > > If it's just for access decision programs, and if those aren't going > > to care about location, then there's no need to add directory events > > to fanotify at all. But then I'll be demanding subtree support in > > inotify, please :-) > > > > > Even less so for mounts and unmounts. > > > > (as root) mkdir foo; mount dodgy foo -oloop; mount --bind foo/cat > > /bin/cat > > ... and then someone accesses /bin/cat, which triggers a fanotify access > decision. That's fine as long as there was no location-awareness in the logic which checked foo/innocent.txt and set that inode's "read-ok,cache-me" bit. Mount only matters if you're sensitive to location. If you think location-independent checks make good anti-malware I_have_a_bridge_to_sell^H^H^H^H^H^H^H^H^H^H^Hfine with me :-) -- Jamie -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists