Re: open(2) and O_NOATIME

2008-10-31 Thread Xin LI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Schenkeveld wrote: [...] > utimes(2) allows non-root users to (re)set atime provided they own the > file or have write permission. Having O_NOATIME follow the same rules > would not break any assumed security any further than utimes(2) already >

Re: open(2) and O_NOATIME

2008-10-31 Thread Jilles Tjoelker
On Fri, Oct 31, 2008 at 02:48:42PM +0100, Paul Schenkeveld wrote: > utimes(2) allows non-root users to (re)set atime provided they own the > file or have write permission. Having O_NOATIME follow the same rules > would not break any assumed security any further than utimes(2) already > does but gr

Re: open(2) and O_NOATIME

2008-10-31 Thread Paul Schenkeveld
On Fri, Oct 31, 2008 at 08:04:48AM +, Igor Mozolevsky wrote: > 2008/10/31 Jeremy Chadwick <[EMAIL PROTECTED]>: > > > ... If that's what you were referring to, then possibly making O_NOATIME > > only to root would be a suitable compromise. > > And no systems are compromised with rootkits?.. u

Re: open(2) and O_NOATIME

2008-10-31 Thread Igor Mozolevsky
2008/10/31 Jeremy Chadwick <[EMAIL PROTECTED]>: > ... If that's what you were referring to, then possibly making O_NOATIME > only to root would be a suitable compromise. And no systems are compromised with rootkits?.. Igor :-) ___ freebsd-hackers@free

Re: open(2) and O_NOATIME

2008-10-30 Thread Jeremy Chadwick
On Thu, Oct 30, 2008 at 07:16:42PM -0700, Xin LI wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Jeremy Chadwick wrote: > > I've recently been reading about Linux's O_NOATIME flag to open(2), and > > I'm curious why we haven't implemented this. There seem to be a lot of > > good reas

Re: open(2) and O_NOATIME

2008-10-30 Thread Joerg Sonnenberger
On Thu, Oct 30, 2008 at 07:16:42PM -0700, Xin LI wrote: > Em... Allowing administrators to disable NOATIME would be a good thing, > but wouldn't allowing arbitrary program to decide whether atime should > be changed, be a serious security disaster? Think of backup programs. Joerg ___

Re: open(2) and O_NOATIME

2008-10-30 Thread Xin LI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Chadwick wrote: > I've recently been reading about Linux's O_NOATIME flag to open(2), and > I'm curious why we haven't implemented this. There seem to be a lot of > good reasons to implement such a thing. > > Chances are it's due to lack of ti

open(2) and O_NOATIME

2008-10-30 Thread Jeremy Chadwick
I've recently been reading about Linux's O_NOATIME flag to open(2), and I'm curious why we haven't implemented this. There seem to be a lot of good reasons to implement such a thing. Chances are it's due to lack of time/interest, which is expected, but I was wondering if there were other reasons.