[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-hackers
Subject: Re: [PATCH] O_NOATIME support for open(2)
From: Daniel Roethlisberger <daniel () roe ! ch>
Date: 2017-08-28 7:21:35
Message-ID: 20170828072135.GA40198 () schoggimuss ! roe ! ch
[Download RAW message or body]
Cedric Blancher <cedric.blancher@gmail.com> 2017-08-28:
> You know, this was long discussed in a Solaris rfe,
Can you provide a pointer to the discussion you are refering to?
> and it was found that O_NOATIME has serious security
> implications and can be used to circumvent atime-based
> monitoring. So basically, you open a security hole with this.
Can you elaborate on what exactly you mean by "atime-based
monitoring"? Are you thinking about DFIR?
How would the "serious security implications" differ from those
of utimes(2)? Note that the use of O_NOATIME is restricted to
the file owner and root.
My take would be that atimes should not be confused with
auditing.
Daniel
--
Daniel Roethlisberger
http://daniel.roe.ch/
_______________________________________________
freebsd-hackers@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic