Re: Reading from file in module fails

From: Pascal Schmidt
Date: Tue May 04 2004 - 08:50:02 EST


On Mon, 03 May 2004 14:50:10 +0200, you wrote in linux.kernel:

> That can all be done in userspace.
>
> $ export LD_PRELOAD=3Dlibcopyfilesbeforemodify.so
>
> You just need to program a library that provides all functions that
> modify files (eg. write, open with O_CREAT, ...) and you're done - 100%
> in userspace.

This won't catch asm programs that do syscalls by hand or statically
linked programs. If you really need to catch all write accesses, it
needs to be done in the kernel, probably as an LSM hook or something.

--
Ciao,
Pascal


Now, if you need to squirrel the file away to some secret location
owned by root, then you might want to use a kernel thread. It will
take the same time and delay the open the same amount.
Kernel mode is all about privilige, not about speed. A user-mode
program daemon that operates as root, could also perform the
same function by having the LD_PRELOAD code pipe information to
it. One needs to make sure that the daemon as finished copying
the file before the open() returns of it would be possible for
the original caller to trash the file before it was copied.

If I were given the task of; "Make sure that an idiot can't
delete his files in such a way they can't be restored....".
I'd use a daemon, simply because it's easier and more
interesting. Also, the daemon is configurable. It can read
some configuration file and the password file to find out
where to stash the "wastebaskets". You end up with an extensible
solution. Kernel mode programming is the last thing you want
to do, not the first. You can't access any of the 'C' runtime
library functions although there a few cloned for kernel
programming. It's a bitch to write your own string functions
in such a way that they catch all the corner cases that can
trash the kernel.

Cheers,
Dick Johnson
Penguin : Linux version 2.4.26 on an i686 machine (5557.45 BogoMips).
Note 96.31% of all statistics are fiction.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/