[PATCH] O_NOATIME support for open(2)
Daniel Roethlisberger
daniel at roe.ch
Mon Aug 28 07:21:39 UTC 2017
Cedric Blancher <cedric.blancher at gmail.com> 2017-08-28:
> You know, this was long discussed in a Solaris rfe,
Can you provide a pointer to the discussion you are refering to?
> and it was found that O_NOATIME has serious security
> implications and can be used to circumvent atime-based
> monitoring. So basically, you open a security hole with this.
Can you elaborate on what exactly you mean by "atime-based
monitoring"? Are you thinking about DFIR?
How would the "serious security implications" differ from those
of utimes(2)? Note that the use of O_NOATIME is restricted to
the file owner and root.
My take would be that atimes should not be confused with
auditing.
Daniel
--
Daniel Roethlisberger
http://daniel.roe.ch/
More information about the freebsd-hackers
mailing list