[PATCH] O_NOATIME support for open(2)
Cedric Blancher
cedric.blancher at gmail.com
Mon Aug 28 02:31:42 UTC 2017
You know, this was long discussed in a Solaris rfe, and it was found
that O_NOATIME has serious security implications and can be used to
circumvent atime-based monitoring. So basically, you open a security
hole with this.
Ced
On 26 August 2017 at 18:18, Daniel Roethlisberger <daniel at roe.ch> wrote:
> I'm trying to implement O_NOATIME support for open(2) in order to
> provide a more elegant way for backup/archiving software to
> prevent atime clobbering. Except for a 2008 thread on this list
> I did not find any material; not sure if anybody is interested in
> this or if there are reasons why this was never implemented.
>
> The attached patch against 11.1 implements O_NOATIME support for
> open(2); it prevents read(2) and mmap(2) from clobbering atime if
> the file descriptor was opened with O_NOATIME. O_NOATIME is only
> permitted for root and the owner of the file. Currently it is
> only implemented for ufs/ffs. It seems to work for me but has
> not been extensively tested.
>
> I am interested in feedback from people who know their way around
> I/O and VFS code before I extend this to other file systems, make
> O_NOATIME tunable by fcntl(2), wire it to the Linux compat layer
> and write docs. Does the implementation look sane? Did I miss
> something important?
>
> Specifically, is there a better way to pass O_NOATIME into
> vm_mmap_vnode other than adding an additional boolean_t argument?
> I did not use an additional mmap flag because that would have
> required additional logic to prevent userland from passing the
> flag to the mmap syscall.
>
> Daniel
>
> --
> Daniel Roethlisberger
> http://daniel.roe.ch/
>
>
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
--
Cedric Blancher <cedric.blancher at gmail.com>
[https://plus.google.com/u/0/+CedricBlancher/]
Institute Pasteur
More information about the freebsd-hackers
mailing list