Message-ID: <20081014205156.1057.12119.stgit@paris.rdu.redhat.com>
Date: Tue, 14 Oct 2008 16:51:56 -0400
From: Eric Paris <eparis@...hat.com>
To: linux-kernel@...r.kernel.org, malware-list@...ts.printk.net
Cc: viro@...IV.linux.org.uk, alan@...rguk.ukuu.org.uk,
arjan@...radead.org, greg@...ah.com, tytso@....edu
Subject: [PATCH -v2 05/16] fanotify: make use of the new fsnotify_open_exec calls
This function sends fanotify events for opens which we know are being used
for exec. These are basically just syscalls to sys_execve and sys_uselib.
Signed-off-by: Eric Paris <eparis@...hat.com>
---
include/linux/fanotify.h | 4 +++-
include/linux/fsnotify.h | 3 ++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/include/linux/fanotify.h b/include/linux/fanotify.h
index 7f1179e..c991bd9 100644
--- a/include/linux/fanotify.h
+++ b/include/linux/fanotify.h
@@ -14,13 +14,15 @@
#define FAN_MODIFY 0x00000002 /* File was modified */
#define FAN_CLOSE_NOWRITE 0x00000004 /* Unwrittable file closed */
#define FAN_CLOSE_WRITE 0x00000008 /* Writtable file closed */
-#define FAN_OPEN 0x00000010 /* File was opened */
+#define FAN_OPEN_NOEXEC 0x00000010 /* File was opened */
+#define FAN_OPEN_EXEC 0x00000020 /* File was opened with the intention of being exec'ed */
/* FIXME currently Q's have no limit.... */
#define FAN_Q_OVERFLOW 0x80000000 /* Event queued overflowed */
/* helper events */
#define FAN_CLOSE (FAN_CLOSE_WRITE | FAN_CLOSE_NOWRITE) /* close */
+#define FAN_OPEN (FAN_OPEN_NOEXEC | FAN_OPEN_EXEC) /* open */
/*
* All of the events - we build the list by hand so that we can add flags in
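Review bot: FAN_OPEN changes here from a single bit (0x00000010) to a two-bit mask (0x00000030), so any existing code that compares an event mask for equality with FAN_OPEN, rather than testing it with &, will stop matching. Please audit the users and say so in the changelog. The comment on FAN_OPEN_NOEXEC still reads "File was opened", which no longer distinguishes it from FAN_OPEN_EXEC; something like "File was opened, not known to be for exec" would document the split. Also confirm that the hand-built "All of the events" list that follows picks up the new 0x00000020 bit, since this hunk does not touch it.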
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index 6fc4160..ccee5ea 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -175,6 +175,7 @@ static inline void fsnotify_modify(struct file *file)
*/
static inline void fsnotify_open_exec(struct file *file)
{
+ fanotify(file, FAN_OPEN_EXEC);
}
/*
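Review bot: fsnotify_open_exec() now sends only a fanotify event, while fsnotify_open() in the next hunk also queues inotify events, and nothing in the function says whether that asymmetry is intended. Please add a comment stating that inotify listeners get nothing from this hook, and document whether the exec paths named in the changelog (sys_execve and sys_uselib) call this instead of fsnotify_open() or in addition to it. If both are called, a fanotify listener would see FAN_OPEN_NOEXEC and FAN_OPEN_EXEC for the same open.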
@@ -191,7 +192,7 @@ static inline void fsnotify_open(struct file *file)
inotify_dentry_parent_queue_event(dentry, mask, 0, dentry->d_name.name);
inotify_inode_queue_event(inode, mask, 0, NULL, NULL);
- fanotify(file, FAN_OPEN);
+ fanotify(file, FAN_OPEN_NOEXEC);
}
/*
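Review bot: every call to fsnotify_open() is now reported as FAN_OPEN_NOEXEC, but per the changelog the kernel only knows about exec intent for sys_execve and sys_uselib, so "NOEXEC" here really means "not known to be for exec". A file opened through this path can still be mapped executable later, so a listener that scans only on FAN_OPEN_EXEC does not cover all code that ends up running. Please state this limitation in the comment next to the FAN_OPEN_NOEXEC definition, and recommend that listeners that need full coverage subscribe to FAN_OPEN.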
--