lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 8 Aug 2009 12:34:46 +0200 From: Pavel Machek <pavel@....cz> To: Eric Paris <eparis@...hat.com> Cc: Peter Zijlstra <a.p.zijlstra@...llo.nl>, Tvrtko Ursulin <tvrtko.ursulin@...hos.com>, Douglas Leeder <douglas.leeder@...hos.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>, "malware-list@...sg.printk.net" <malware-list@...sg.printk.net>, "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>, "greg@...ah.com" <greg@...ah.com>, "jcm@...hat.com" <jcm@...hat.com>, "tytso@....edu" <tytso@....edu>, "arjan@...radead.org" <arjan@...radead.org>, "david@...g.hm" <david@...g.hm>, "jengelh@...ozas.de" <jengelh@...ozas.de>, "aviro@...hat.com" <aviro@...hat.com>, "mrkafk@...il.com" <mrkafk@...il.com>, "alexl@...hat.com" <alexl@...hat.com>, "hch@...radead.org" <hch@...radead.org>, "alan@...rguk.ukuu.org.uk" <alan@...rguk.ukuu.org.uk>, "mmorley@....in" <mmorley@....in> Subject: Re: fanotify - overall design before I start sending patches Hi! > > By the above you're hosed anyway since starting a new one will fail due > > to there being no daemon, right? Might as well forfeit all security > > measures once the daemon dies. That is let security depend on there > > being a daemon connected. > > Nope. You should stop calling and thinking of it as a security system. > As I've said multiple times it is at best an indexing and integrity > checking system. We fail open. We don't prevent or care about > malicious local attacks. When a group is evicted everything is going to > just work. The whole reason for the timeout is because I don't trust > userspace not to get it wrong and I'd rather not lose my box because of > it. Yes, the reset I'm proposing allows userspace to screw the Well, if you are using this for hierarchical storage, then this daemon will bring the system down. Face it, you _are_ developing a security system; otherwise features of fanotify do not make sense. (And you are developing _bad_ security system). So... what about just scrapping the open vetoing -- at least from initial version? > > Seems like a weird thing to me, suppose you DoS the system on purpose > > and all clients start getting wonky, you kill them all, and are left > > with non, then you cannot access any of your files anymore and > > everything grinds to a halt? > > Nope, you DoS the system on purpose all the listeners get evicted, now > everything else will be able to open/read data without those listeners > paying attention. When a group is evicted it's evicted. It no longer > needs to say yes or no. Yes so I hammer your web server and you loose your antivirus protection. > > Like said, having the filesystem block actions based on external > > processes seems just asking for trouble. > > Or it seems like exactly what hierarchical storage management systems > want.... Timeout does not make sense for hierarchical storage. Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists