Re: fanotify as syscalls

From: Jamie Lokier
Date: Tue Sep 22 2009 - 12:27:43 EST


Eric Paris wrote:
> That's not the fatal flaw. The fatal flaw is that I am not going to
> write 90% of a rootkit and make it easy to use.

I hate to point out the obvious, but fanotify's ability to intercept
every file access and rewrite the file before the access proceeds is
also 90% of a rootkit...

But fortunately both fanotify and syscall rewriting require root in
the first place.

I think that makes the rootkit argument moot. As long as fanotify
doesn't have a non-root flavour... which really would be handy for
rootkits :-)

> Easy != Good.

I agree.

-- Jamie