lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sat, 8 Aug 2009 12:34:46 +0200
From:	Pavel Machek <pavel@....cz>
To:	Eric Paris <eparis@...hat.com>
Cc:	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Tvrtko Ursulin <tvrtko.ursulin@...hos.com>,
	Douglas Leeder <douglas.leeder@...hos.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
	"malware-list@...sg.printk.net" <malware-list@...sg.printk.net>,
	"Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>,
	"greg@...ah.com" <greg@...ah.com>,
	"jcm@...hat.com" <jcm@...hat.com>, "tytso@....edu" <tytso@....edu>,
	"arjan@...radead.org" <arjan@...radead.org>,
	"david@...g.hm" <david@...g.hm>,
	"jengelh@...ozas.de" <jengelh@...ozas.de>,
	"aviro@...hat.com" <aviro@...hat.com>,
	"mrkafk@...il.com" <mrkafk@...il.com>,
	"alexl@...hat.com" <alexl@...hat.com>,
	"hch@...radead.org" <hch@...radead.org>,
	"alan@...rguk.ukuu.org.uk" <alan@...rguk.ukuu.org.uk>,
	"mmorley@....in" <mmorley@....in>
Subject: Re: fanotify - overall design before I start sending patches

Hi!

> > By the above you're hosed anyway since starting a new one will fail due
> > to there being no daemon, right? Might as well forfeit all security
> > measures once the daemon dies. That is let security depend on there
> > being a daemon connected.
> 
> Nope.  You should stop calling and thinking of it as a security system.
> As I've said multiple times it is at best an indexing and integrity
> checking system.  We fail open.  We don't prevent or care about
> malicious local attacks.  When a group is evicted everything is going to
> just work.  The whole reason for the timeout is because I don't trust
> userspace not to get it wrong and I'd rather not lose my box because of
> it.  Yes, the reset I'm proposing allows userspace to screw the

Well, if you are using this for hierarchical storage, then this daemon
will bring the system down.

Face it, you _are_ developing a security system; otherwise features of
fanotify do not make sense. (And you are developing _bad_ security
system).

So... what about just scrapping the open vetoing -- at least from
initial version?

> > Seems like a weird thing to me, suppose you DoS the system on purpose
> > and all clients start getting wonky, you kill them all, and are left
> > with non, then you cannot access any of your files anymore and
> > everything grinds to a halt?
> 
> Nope, you DoS the system on purpose all the listeners get evicted, now
> everything else will be able to open/read data without those listeners
> paying attention.  When a group is evicted it's evicted.  It no longer
> needs to say yes or no.

Yes so I hammer your web server and you loose your antivirus
protection. 

> > Like said, having the filesystem block actions based on external
> > processes seems just asking for trouble.
> 
> Or it seems like exactly what hierarchical storage management systems
> want....

Timeout does not make sense for hierarchical storage.
									Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists