| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Nov 2008 14:34:11 -0800 From: "John McCutchan" <john@...nmccutchan.com> To: "Evgeniy Polyakov" <zbr@...emap.net> Cc: mtk.manpages@...il.com, "Christoph Hellwig" <hch@....de>, "Robert Love" <rlove@...ve.org>, linux-api@...r.kernel.org, linux-kernel@...r.kernel.org, "Andrew Morton" <akpm@...ux-foundation.org> Subject: Re: [take 3] Use pid in inotify events. On Wed, Nov 19, 2008 at 6:53 AM, Evgeniy Polyakov <zbr@...emap.net> wrote: > Hi Michael. > > On Wed, Nov 19, 2008 at 09:34:46AM -0500, Michael Kerrisk (mtk.manpages@...glemail.com) wrote: >> > So effectively you propose to have second generation of the inotify >> > which will have additional pid field, which will be unused by all but >> > the same uid events? >> >> I susepect that Christoph wants the same thing as I do: some thinking >> towards a future-proof design, rather than a quick hack to address the needs >> of a single application. > > So far the only real need is a pid. That will solve the cases I'm > working on and it may be interesting for other applications. It is > possible to extend read/write IO with offset and size parameters though. > > Do you see any other possible extensions? > >> > If you want to return -EPERM, than it will be _always_ returned for non >> > sysadmin capable user, which effectively makes it unusable. >> > >> Again, appropriate flags in inotify_init1() could fix this -- e.g., only >> fill the field (and give an error if no perms) if a flag is set. > > Um, hmm... Permission is _always_ denied for 'alien' IO, as it was > pointed by Robert, at init time there is no way to know, will there be > alien IO (i.e. originated by the process with different uid) or not. > More on this: inotify initialization is just a memory allocation in > the kernel, nothing more. > > We can argue about object insertion into inotify queue though. But > again, we check already that it has read permissions, and if so, we are > allowed to receive notificatons about IO against given target, since if > new code will return for whatever reason -EPERM, people will use old > code. > > So, putting PID/whatever else into event can be flag-driven, but there > is no way to return EPERM anywhere in the call chain not breaking > backward compatibility of the whole idea. I really don't like the idea of overloading the cookie field to store the pid for only the events that don't already use the cookie field. Coming into this late, maybe I missed it but can you explain why you need the pid that caused the event? -- John McCutchan <john@...nmccutchan.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists