Date:   Tue, 11 Sep 2018 18:11:48 +0300
From:   Amir Goldstein <amir73il@...il.com>
To:     nixiaoming@...wei.com
Cc:     Eric Paris <eparis@...isplace.org>, Robert Love <rlove@...ve.org>,
        John McCutchan <john@...nmccutchan.com>,
        Jan Kara <jack@...e.cz>, Al Viro <viro@...iv.linux.org.uk>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>
Subject: Re: Is it possible to add pid and comm members to the event structure
 to increase the display of user and thread information?

On Tue, Sep 11, 2018 at 9:51 AM Nixiaoming <nixiaoming@...wei.com> wrote:
>
> Inotify api cannot display information about users and processes.
> That is, you can only know that the file event is generated, but you don't know who triggered the event, which is not conducive to fault location.
> Is it possible to add pid and comm members to the event structure to increase the display of user and thread information?
>

"Is it possible?" is not the only relevant question.
I suppose your patch can sort of work, but it exposes information to
potentially unprivileged processes, even exposes pid values outside of
the process pid namespace.

While those issues could be addressed, you can't change the format of
struct inotify_event without breaking existing applications.

I guess you are not using fanotify API, which already provides pid
information (albeit tgid), because it lacks other functionality that
you need? Which functionality might that be?
Is it directory modification events?
If so, then you might be interested in my effort to add support for
those events to fanotify:
https://github.com/amir73il/fsnotify-utils/wiki/Super-block-root-watch

Your support, should you choose to offer it, could be in the form of
testing patches and/or just by putting forward your use case as an
example for the need of an extended fanotify API.

Thanks,
Amir.
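
The layout difference the reply refers to, as an added example that is not part of the original message or of any kernel patch: the fixed inotify record has no pid field, while each fanotify record carries one. The struct names, `collect_pids` and `sample` are hypothetical, the structs are local mirrors assumed to match the UAPI headers, and the event buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirrors of the UAPI record layouts (assumed to match linux/inotify.h
 * and linux/fanotify.h), so the example builds without kernel headers. */
struct inotify_event_hdr {   /* fixed part of struct inotify_event: no pid */
    int32_t wd;
    uint32_t mask, cookie, len;   /* len = size of the name that follows */
};
struct fan_event_meta {      /* struct fanotify_event_metadata */
    uint32_t event_len;
    uint8_t vers, reserved;
    uint16_t metadata_len;
    uint64_t mask;
    int32_t fd, pid;         /* pid is a tgid, as the message notes */
};
#define META_LEN ((uint32_t)sizeof(struct fan_event_meta))

/* Walk a buffer as read() on a fanotify fd would fill it and collect each
 * record's pid. Returns the record count, or -1 on a malformed record. */
int collect_pids(const unsigned char *buf, size_t len, int32_t *pids, size_t max) {
    size_t off = 0, n = 0;
    while (len - off >= META_LEN && n < max) {
        struct fan_event_meta m;
        memcpy(&m, buf + off, sizeof m);      /* avoid unaligned access */
        if (m.event_len < META_LEN || m.event_len > len - off)
            return -1;                        /* same bounds as FAN_EVENT_OK */
        pids[n++] = m.pid;
        off += m.event_len;                   /* what FAN_EVENT_NEXT does */
    }
    return (int)n;
}

/* Constructed sample: two FAN_MODIFY (0x2) records from pids 4242 and 1. */
int sample(int32_t out[2]) {
    struct fan_event_meta ev[2] = {
        { META_LEN, 3, 0, (uint16_t)META_LEN, 0x2, 7, 4242 },
        { META_LEN, 3, 0, (uint16_t)META_LEN, 0x2, 8, 1 },
    };
    return collect_pids((const unsigned char *)ev, sizeof ev, out, 2);
}

int main(void) {
    int32_t p[2];
    for (int i = 0, n = sample(p); i < n; i++)
        printf("event %d: pid %d\n", i, (int)p[i]);
    return 0;
}
```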
