Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S264538AbUFNV7V (ORCPT ); Mon, 14 Jun 2004 17:59:21 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S264535AbUFNV7V (ORCPT ); Mon, 14 Jun 2004 17:59:21 -0400 Received: from turing-police.cirt.vt.edu ([128.173.54.129]:19076 "EHLO turing-police.cirt.vt.edu") by vger.kernel.org with ESMTP id S264513AbUFNV6a (ORCPT ); Mon, 14 Jun 2004 17:58:30 -0400 Message-Id: <200406142158.i5ELwmQN029768@turing-police.cc.vt.edu> X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4+dev To: Alexandre Oliva Cc: linux-kernel@vger.kernel.org Subject: Re: [PATCH] O_NOATIME support In-Reply-To: Your message of "Mon, 14 Jun 2004 18:12:59 -0300." From: Valdis.Kletnieks@vt.edu References: <20040612011129.GD1967@flower.home.cesarb.net> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1413467893P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Mon, 14 Jun 2004 17:58:48 -0400 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2537 Lines: 57 --==_Exmh_1413467893P Content-Type: text/plain; charset=us-ascii On Mon, 14 Jun 2004 18:12:59 -0300, Alexandre Oliva said: > IMHO it's a bad idea to enable the owner of the file to avoid changing > the atime of their files. I've heard more than once about the atime > bit being used to as proof that a user had actually seen the contents > of a file although s/he claimed s/he hadn't. If it was root-only, > atime could still be used for the same purpose, and would enable > backups with tools that accessed the filesystem through the FS layer, > as opposed to though the block layer, to keep such proof unchanged. Of course, such "proof" is broken. Consider that something so simple as a 'find . | xargs wc -l' will break that "proof" - as will any file manager that looks at magic (anything from 'nautilus' to 'file' - if it uses /etc/magic or / usr/share/file/magic or wherever your distro keeps it, you have a problem). If you don't have O_NOATIME, it doesn't strengthen the "proof" any, because any tool can look at the file and then call utime() to clean up behind itself. Of course, at that point the kernel still has to write that dirty inode back..... If you want *proof* a given userid did/didn't open a file, do up a proper set of audit trail hooks (keep in mind it will likely be even more intrusive than the LSM hooks). And trying to prove a connection from "file opened" to "contents displayed to user" is challenging enough without a *proper* audit trail (one that can cross-correlate open/read/write on the input and output file descriptors). Figuring out how to get from there to "user saw it" will likely require major work (and, in fact, absent an auditable event generated by the user that proves they read the information, almost impossible). cd /usr/src/linux-2.6.6; find . -name '*.[ch]' | xargs cat Let me know if you actually *see* anything. My laptop makes it through the first 200 *files* (comprising some 3168K) in 3.45 seconds or so. --==_Exmh_1413467893P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQFAzh+XcC3lWbTT17ARApUhAKCSykf9/x9pGAb7YS5BS3eqVder0wCfbXNg jznA5+ihfxbJ6y6ogk+mkmI= =eNed -----END PGP SIGNATURE----- --==_Exmh_1413467893P-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/