lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 5 Dec 2022 10:44:44 +0200
From:   Amir Goldstein <amir73il@...il.com>
To:     bugzilla-daemon@...nel.org
Cc:     linux-ext4@...r.kernel.org, Jan Kara <jack@...e.cz>
Subject: Re: [Bug 216775] New: fanotify reports parent PPID insted of PID for
 FAN_MODIFY events

On Mon, Dec 5, 2022 at 7:02 AM <bugzilla-daemon@...nel.org> wrote:
>
> https://bugzilla.kernel.org/show_bug.cgi?id=216775
>
>             Bug ID: 216775
>            Summary: fanotify reports parent PPID insted of PID for
>                     FAN_MODIFY events
>            Product: File System
>            Version: 2.5
>     Kernel Version: 5.15.0
>           Hardware: Intel
>                 OS: Linux
>               Tree: Mainline
>             Status: NEW
>           Severity: normal
>           Priority: P1
>          Component: ext4
>           Assignee: fs_ext4@...nel-bugs.osdl.org
>           Reporter: saikiran.gummaraj@...oud.com
>         Regression: No
>
> Hello,
>
> While I've been developing a library around fanotify in Go, I noticed that
> fanotify subsystem reports the parent process ID in fanotify_event_metadata.pid
> instead of the Process ID when mask is set to FAN_MODIFY. I was able to confirm
> the error through a test and also manually verifying the PIDs in the audit log.
> I did not observe this behaviour for FAN_ACCESS bit.
>
> I've been able to reproduce this on -
>
> Ubuntu 20.04.5 - 5.15.0-53-generic
> Ubuntu 22.10 - 5.19.0-23-generic
>
> It can be reproduced by -
>
> git clone git@...hub.com:opcoder0/fanotify.git
> cd fanotify
> sudo go test -v
>
> The test "TestWithCapSysAdmFanotifyFileModified" fails reporting pid mismatch.
>

It's a test bug.
The modify event with self pid is generated by os.WriteFile()
Either change test to expect modify event with self pid or move
test file creation before starting the listener.

Thanks,
Amir.

Powered by blists - more mailing lists