| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Jul 2009 22:44:01 +0100 From: Jamie Lokier <jamie@...reable.org> To: Eric Paris <eparis@...hat.com> Cc: david@...g.hm, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org, malware-list@...sg.printk.net, Valdis.Kletnieks@...edu, greg@...ah.com, jcm@...hat.com, douglas.leeder@...hos.com, tytso@....edu, arjan@...radead.org, jengelh@...ozas.de, aviro@...hat.com, mrkafk@...il.com, alexl@...hat.com, jack@...e.cz, tvrtko.ursulin@...hos.com, a.p.zijlstra@...llo.nl, hch@...radead.org, alan@...rguk.ukuu.org.uk, mmorley@....in Subject: Re: fanotify - overall design before I start sending patches Eric Paris wrote: > On Fri, 2009-07-24 at 13:48 -0700, david@...g.hm wrote: > > getting an open fd to the file is good for things like content scanning, > > but for other things like a HSM re-populating the file, you would need to > > pass the path used to open the file at open time. is this in the metadata > > you are passing? > > No, I will NOT EVER pass a pathname. Period. End of story. I stated > the if userspace wants to deal with pathnames (and they understand the > system setup well enough to know if pathnames even make sense to them) > they can use readlink(2) on /proc/self/fd That makes sense. In most cases where events trigger userspace cache or index updates, userspace already has enough information to calculate the path (and any derived data) from the inode number (in the case of non-hard-link files) or from the inode number of the parent directory and the name (not full path). So it wouldn't even need to call readlink(2), provided those bits of information are passed in the event. That is one thing which inotify _nearly_ gets right. Nearly, because it doesn't pass the inode number when you're watching a directory, and watching every inode is too expensive. > > to avoid race conditions, you may want some way that a listener on a > > directory can flag that it wants to also be a listener for all new > > directories created under the one it is listening on. > > Interesting way to get the subtree checking people want, you do the > registration yourself the first time on the entire hierarchy and new > directories will be automagically added. I could probably do that, I'll > have to look. Yes, automagically adding directories is essential, otherwise they can be added, and someone can populate them with files that have some effect before userspace gets a chance to scan them. The other part of useful subtree notification is getting notifications for a subtree without having to initially scan the whole hierachy ,which can take a long time as well as a huge amount of unnecessary seeking and I/O. The third part, which by the way is really recommended for security applications, is persistence across umount/reboot/mount. That can be done either by assuming there are no filesystem changes when userspace isn't watching it, or by the simple expedient of letting userspace add an xattr to things it has indexed, with a specially recognised name that is automatically removed whenever the file/directory is changed. -- Jamie -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists