Message-Id: <E1MaRj3-0006En-QS@pomaz-ex.szeredi.hu>
Date:	Mon, 10 Aug 2009 12:03:33 +0200
From:	Miklos Szeredi <miklos@...redi.hu>
To:	eparis@...hat.com
CC:	miklos@...redi.hu, a.p.zijlstra@...llo.nl,
	tvrtko.ursulin@...hos.com, douglas.leeder@...hos.com, pavel@....cz,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	malware-list@...sg.printk.net, Valdis.Kletnieks@...edu,
	greg@...ah.com, jcm@...hat.com, tytso@....edu, arjan@...radead.org,
	david@...g.hm, jengelh@...ozas.de, aviro@...hat.com,
	mrkafk@...il.com, alexl@...hat.com, hch@...radead.org,
	alan@...rguk.ukuu.org.uk, mmorley@....in
Subject: Re: fanotify - overall design before I start sending patches

On Fri, 07 Aug 2009, Eric Paris wrote:
> On Fri, 2009-08-07 at 18:36 +0200, Miklos Szeredi wrote:
> > On Thu, 06 Aug 2009, Eric Paris wrote:
> > > just work.  The whole reason for the timeout is because I don't trust
> > > userspace not to get it wrong and I'd rather not lose my box because of
> > > it.
> > 
> > IMO this has nothing to do with userspace(*) and everything to do with
> > complexity.  Virus scanning is complex and any such code, whether
> > runing in userspace or not, can easily screw up and freeze the system.
> 
> I agree, 'userspace' was not the best term.  Let me rephrase:
> 
> "The whole reason for the timeout is because I don't trust anything not
> to get it wrong and I'd rather not lose my box because of it."

That's clearly not true.  We don't have timers watching filesystems or
security modules to make sure they complete an operation within a
given amount of time.

So there's something else why you think the fanotify interface is
special, and the only reason it's special is that it's a userspace
API.

> > The way to solve that is not to implement hacks on the kernel
> > interface, but rather by separating the complex parts and implementing
> > a simple watchdog layer on top of that, that makes sure things don't
> > go wrong.
> 
> So you would argue that every fanotify listener implement their own
> watchdog layer that may or may not be correct rather than do a single
> watchdog layer for everyone?  And that's better?

As Pavel said, hopefully most fanotify listeners will _not_ need a
watchdog layer.  Maybe virus scanners will need one, but that will be
the least of their worries, probably.

Thanks,
Miklos
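
The userspace watchdog layer argued for above, as an added example that is not part of the original message: the complex scan runs in a child process and a small parent enforces the deadline and produces the verdict. `watchdog_verdict`, the `scan_*` stand-ins and the fail-open policy on timeout are assumptions for illustration; `FAN_ALLOW` and `FAN_DENY` are the permission responses of the fanotify API as later merged into Linux.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/fanotify.h>  /* FAN_ALLOW / FAN_DENY */
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

typedef int (*scan_fn)(int fd);  /* hypothetical scanner: nonzero = reject */

/* Constructed stand-ins for a real scanner. */
int scan_clean(int fd)    { (void)fd; return 0; }
int scan_infected(int fd) { (void)fd; return 1; }
int scan_hang(int fd)     { (void)fd; for (;;) pause(); }

/* Run scan(fd) in a child so a hang or crash cannot take the listener down.
 * Assumed policy: fail open (FAN_ALLOW) on timeout, crash or fork failure. */
unsigned int watchdog_verdict(scan_fn scan, int fd, int timeout_ms)
{
    const struct timespec tick = { 0, 10 * 1000 * 1000 };  /* 10 ms */
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return FAN_ALLOW;
    if (pid == 0)
        _exit(scan(fd) ? 1 : 0);          /* child: only reports a verdict */

    for (int waited = 0; waited < timeout_ms; waited += 10) {
        if (waitpid(pid, &status, WNOHANG) == pid)
            return (WIFEXITED(status) && WEXITSTATUS(status) == 1)
                   ? FAN_DENY : FAN_ALLOW;
        nanosleep(&tick, NULL);
    }
    kill(pid, SIGKILL);                   /* deadline passed: stop the scanner */
    waitpid(pid, &status, 0);             /* reap it */
    return FAN_ALLOW;
}

int main(void)
{
    printf("clean=%u infected=%u hang=%u\n",
           watchdog_verdict(scan_clean, -1, 500),
           watchdog_verdict(scan_infected, -1, 500),
           watchdog_verdict(scan_hang, -1, 200));
    return 0;
}
```

In a listener built on the merged API, the returned value would go into the `response` field of a `struct fanotify_response` written back to the fanotify descriptor.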