[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3652.203.33.133.31.1049671923.squirrel@d2.net.au>
From: andrewg at d2.net.au (andrewg@...net.au)
Subject: Re: Syscall implementation could lead to whether or not a file exists
> Hi!
>
>> After a while of experimentation, I found that the following
>> formuala seems to be relatively decent at avoiding false
>> positivites, on my RH box.
>>
>> cutoff = ((success_time + failure_time) / 3) - 2
>>
>> This is somewhat dependant on the load on the box, and where the
>> file is located, though it appears.
>>
>> On some OS's (notably freebsd in my testing) it will store the
>> results of into its cache (different to linux, in the sense that it
>> throws
>> off the algo above.). Thus, if you just create a file and
time
>> open()ing that, then compare it with a file that has
>> been recently opened, you don't get a fair comparsision.
>>
>>
>> Fix:
>>
>> No known fix exists. Not exactly sure whether a fix is
>> appropiate, as the kernel is meant to be as fast as possible.
>
> Umm, this is nasty. Random delay in "return -EPERM" path would not
> help; making sure every syscall returning EPERM last at least 20usec
> would but implementing that would be hard.
Under linux, I would think you could do this in the return from the calling
of sys_call_table easily, in the interrupt handler ;)
However, extending the time the interrupt takes, imo, is bad.
> Pavel
> --
> When do you have heart between your knees?
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Thanks,
Andrew Griffiths
Powered by blists - more mailing lists