Date:	Sat, 15 Jun 2013 18:17:27 +0200
From:	xypron.glpk@....de
To:	eparis@...hat.com
Cc:	linux-kernel@...r.kernel.org,
	Heinrich Schuchardt <xypron.glpk@....de>
Subject: [PATCH 1/1] Enable fanotify API by default.

From: Heinrich Schuchardt <xypron.glpk@....de>

The fanotify interface is the basis for on access malware detection
in the Linux kernel. The development of a prior solution (DazukoFS)
has been stopped therefore.

Both free (ClamAV) as well as commercial virus scanners (Sophos
Anti-Virus, AVG) using this interface exist.

Since kernel version 3.8.0 the implementation of the fanotify
interface is error-free enough to be used on a productive system.
Personally I have been using it for virus scanning on multiple
systems for several months without issues while developing a
wrapper around ClamAV, see
https://github.com/xypron/skyldav

A large scale usage of the fanotify interface can only be expected if
the API is enabled by default.

Hence I recommend to change the Kconfig file accordingly.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@....de>
---
 fs/notify/fanotify/Kconfig |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/notify/fanotify/Kconfig b/fs/notify/fanotify/Kconfig
index e5f911b..929ad74 100644
--- a/fs/notify/fanotify/Kconfig
+++ b/fs/notify/fanotify/Kconfig
@@ -2,7 +2,7 @@ config FANOTIFY
 	bool "Filesystem wide access notification"
 	select FSNOTIFY
 	select ANON_INODES
-	default n
+	default y
 	---help---
 	   Say Y here to enable fanotify support.  fanotify is a file access
 	   notification system which differs from inotify in that it sends
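Review bot: The switch to `default y` on FANOTIFY changes the outcome for every configuration built from defaults, including systems that will never run a listener, and the changelog argues only from scanner adoption. Please state in the commit message what enabling the option costs a system with no listener, so the default can be weighed on more than availability. Note also that the removed `default n` is the same as having no default line, so the decision here is really whether the symbol should carry a default at all.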
@@ -15,7 +15,7 @@ config FANOTIFY_ACCESS_PERMISSIONS
 	bool "fanotify permissions checking"
 	depends on FANOTIFY
 	depends on SECURITY
-	default n
+	default y
 	---help---
 	   Say Y here is you want fanotify listeners to be able to make permissions
 	   decisions concerning filesystem events.  This is used by some fanotify
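Review bot: FANOTIFY_ACCESS_PERMISSIONS gets `default y` with no justification of its own, yet per its help text it lets listeners "make permissions decisions concerning filesystem events", which is a stronger capability than plain notification. The changelog's argument covers the notification API in general; consider splitting this into a second patch with its own rationale, or leaving this symbol at `default n` while enabling FANOTIFY. If the help text is being touched anyway, "Say Y here is you want" in the context line should read "if you want".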
@@ -23,4 +23,4 @@ config FANOTIFY_ACCESS_PERMISSIONS
 	   use those files.  This is used by some anti-malware vendors and by some
 	   hierarchical storage managent systems.
 
-	   If unsure, say N.
+	   If unsure, say Y.
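Review bot: The new guidance "If unsure, say Y." sits directly under help text that describes the option as used by "some anti-malware vendors" and some hierarchical storage management systems, which reads as a specialised use case rather than something an unsure user needs. Either extend the help text with a sentence explaining why Y is the right choice for a system without such software, or keep the N recommendation for this symbol. The typo "managent" in the adjacent context line could be corrected in the same change.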
-- 
1.7.10.4
