lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3e8340490906301013k3182093w65d68a0d0c2e19e8@mail.gmail.com>
Date:	Tue, 30 Jun 2009 13:13:08 -0400
From:	Bryan Donlan <bdonlan@...il.com>
To:	Valdis.Kletnieks@...edu
Cc:	Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org,
	malware-list@...sg.printk.net
Subject: Re: fanotify: the fscking all notification system

On Tue, Jun 30, 2009 at 9:22 AM, <Valdis.Kletnieks@...edu> wrote:
> On Mon, 29 Jun 2009 16:08:45 EDT, Eric Paris said:
>
>> fanotify provides two things:
>> 1) a new notification system, sorta like inotify, only instead of an
>> arbitrary 'watch descriptor' which userspace has to know how to map back
>> to an object on the filesystem, fanotify provides an open read-only fd
>> back to the original object.  It should be noted that the set of
>> fanotify events is much smaller than the set of inotify events.
>>
>> 2) an access system in which processes may be blocked until the fanotify
>> userspace listener has decided if the operation should be allowed.
>
> I don't care much about virus scanners - but some of us with petabytes of
> disk space to manage could use tis for HSM applications.  The HSM daemon
> could fanotify on the file, notice that the file accessed referred to a
> special "I've been archived" stub/token, and put the file back before
> giving the go-ahead to the process.
>
> The only sticky question - does this happen early enough that the accessing
> process, when un-blocked, will continue through open() and get the *new*
> version of the newly restored file?
>

In that particular case, why not just make it a sparse file (so the
size fields in stat are correct), and put back the original data in
the very same inode?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ