lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090724214401.GJ27755@shareable.org>
Date:	Fri, 24 Jul 2009 22:44:01 +0100
From:	Jamie Lokier <jamie@...reable.org>
To:	Eric Paris <eparis@...hat.com>
Cc:	david@...g.hm, linux-kernel@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, malware-list@...sg.printk.net,
	Valdis.Kletnieks@...edu, greg@...ah.com, jcm@...hat.com,
	douglas.leeder@...hos.com, tytso@....edu, arjan@...radead.org,
	jengelh@...ozas.de, aviro@...hat.com, mrkafk@...il.com,
	alexl@...hat.com, jack@...e.cz, tvrtko.ursulin@...hos.com,
	a.p.zijlstra@...llo.nl, hch@...radead.org,
	alan@...rguk.ukuu.org.uk, mmorley@....in
Subject: Re: fanotify - overall design before I start sending patches

Eric Paris wrote:
> On Fri, 2009-07-24 at 13:48 -0700, david@...g.hm wrote:
> > getting an open fd to the file is good for things like content scanning, 
> > but for other things like a HSM re-populating the file, you would need to 
> > pass the path used to open the file at open time. is this in the metadata 
> > you are passing?
> 
> No, I will NOT EVER pass a pathname.  Period.  End of story.  I stated
> the if userspace wants to deal with pathnames (and they understand the
> system setup well enough to know if pathnames even make sense to them)
> they can use readlink(2) on /proc/self/fd

That makes sense.

In most cases where events trigger userspace cache or index updates,
userspace already has enough information to calculate the path (and
any derived data) from the inode number (in the case of non-hard-link
files) or from the inode number of the parent directory and the name
(not full path).

So it wouldn't even need to call readlink(2), provided those bits of
information are passed in the event.

That is one thing which inotify _nearly_ gets right.  Nearly, because
it doesn't pass the inode number when you're watching a directory, and
watching every inode is too expensive.

> > to avoid race conditions, you may want some way that a listener on a 
> > directory can flag that it wants to also be a listener for all new 
> > directories created under the one it is listening on.
> 
> Interesting way to get the subtree checking people want, you do the
> registration yourself the first time on the entire hierarchy and new
> directories will be automagically added.  I could probably do that, I'll
> have to look.

Yes, automagically adding directories is essential, otherwise they can
be added, and someone can populate them with files that have some
effect before userspace gets a chance to scan them.

The other part of useful subtree notification is getting notifications
for a subtree without having to initially scan the whole hierachy
,which can take a long time as well as a huge amount of unnecessary
seeking and I/O.

The third part, which by the way is really recommended for security
applications, is persistence across umount/reboot/mount.  That can be
done either by assuming there are no filesystem changes when userspace
isn't watching it, or by the simple expedient of letting userspace add
an xattr to things it has indexed, with a specially recognised name
that is automatically removed whenever the file/directory is changed.

-- Jamie
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ