Re: [Patch][RFC] fcntl: add ability to stop monitored processes

On Mon, Jun 13, 2005 at 03:03:32PM +0100, Alan Cox wrote:
> On Llu, 2005-06-13 at 14:48, Neil Horman wrote:
> > The idea I had was to catch processes which are performing ostensibly
> > undesirable filesystem operations (as defined by the actions that F_NOTIFY can
> > monitor).  I'm not sure how else to avoid the race condition that can arise
> > between the delivery of the F_NOTIFY signal to the monitoring process, and the
> > exiting of the monitored process. If you have another thought, I'm certainly
> > open to it.
> 
> I'm more worried you will make things worse not better. My first thought
> was what stops me just filling up the file table with admin work
> possibly also involving setuid processes so the end user cannot rescue
> the situation.
> 
I understand the concern here, but can't root always do destructive things to the
system?

> If it's trying to do debugging then ptrace makes sense and the parent
> would be notified. Ptrace deals with exit of tracer and security for
> you. If you are trying to implement a security policy then the selinux
> hooks already allow you to block access to those files by selected
> processes anyway just as your F_NOTIFY hook would do, and you could even
> write a new security layer with a daemon that decided for the F_NOTIFY
> equivalents.
> 
I'll certainly try this again using the ptrace interface, rather than fcntl.  Do
you think the whole F_NOTIFY function should move over, or just this particular
feature?

Neil
> Alan
> 

-- 
/***************************************************
 *Neil Horman
 *Software Engineer
 *Red Hat, Inc.
 *[email protected]
 *gpg keyid: 1024D / 0x92A74FA1
 *http://pgp.mit.edu
 ***************************************************/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
