From mboxrd@z Thu Jan 1 00:00:00 1970
From: Eric Paris
Subject: Re: fanotify - overall design before I start sending patches
Date: Wed, 29 Jul 2009 16:12:09 -0400
Message-ID: <1248898329.2597.57.camel@localhost>
References: <1248466429.3567.82.camel@localhost>
 <20090724224813.GK27755@shareable.org>
 <1248479367.3567.133.camel@localhost>
 <20090725002916.GB13556@shareable.org>
 <20090727183354.GM4231@webber.adilger.int>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Cc: jack-AlSwsSmVLrQ@public.gmane.org,
 jengelh-nopoi9nDyk+ELgA04lAiVw@public.gmane.org,
 pavel-AlSwsSmVLrQ@public.gmane.org,
 alan-qBU/x9rampVanCEyBjwyrvXRex20P6io@public.gmane.org,
 malware-list-h+Im9A44IAFcMpApZELgcQ@public.gmane.org,
 mrkafk-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org,
 hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org,
 a.p.zijlstra-/NLkJaSkS4VmR6Xm/wNWPw@public.gmane.org,
 jcm-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
 Jamie Lokier,
 alexl-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
 arjan-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org,
 david-gFPdbfVZQbY@public.gmane.org,
 Valdis.Kletnieks-PjAqaU27lzQ@public.gmane.org,
 douglas.leeder-j34lQMj1tz/QT0dZR+AlfA@public.gmane.org,
 aviro-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
 linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
 linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
To: Andreas Dilger
In-Reply-To: <20090727183354.GM4231-RIaA196FMs1uuQVovAj/GogTZbYi8/ss@public.gmane.org>
Sender: malware-list-bounces-h+Im9A44IAFcMpApZELgcQ@public.gmane.org
Errors-To: malware-list-bounces-h+Im9A44IAFcMpApZELgcQ@public.gmane.org
List-Id: linux-fsdevel.vger.kernel.org

On Mon, 2009-07-27 at 12:33 -0600, Andreas Dilger wrote:
> On Jul 25, 2009 01:29 +0100, Jamie Lokier wrote:
> It might also make sense to verify that the process doing the open has
> at least permission to open the file in question (i.e. root) so that
> some unauthorized process cannot just get file handles to arbitrary files.

All current permissions between the listener process and the object are
done. It's quite possible to get fanotify events where the fd = -EPERM.

-Eric