ev_stat inotify implementation might miss events

Marc Lehmann schmorp at schmorp.de
Tue Jan 26 21:52:01 CET 2010


On Tue, Jan 26, 2010 at 07:53:18PM +0100, Yoann Vandoorselaere <yoann.v at prelude-ids.com> wrote:
> After looking at Linux kernel 2.6.32 kernel code, I can confirm that my
> understanding is not flawed. 
> 
> I guess you then need to explain why this is a security bug ;)

Actually, it's not called fsnotify - the synchronous mechanism is
_fanotify_, which is implemented to get one event per change. (That's why
I wasn't sure about the name, I looked it up now, again, you can do that,
too, fsnotify is a good starting point).

fsnotify is the new mechanism that is used to implement dnotify, inotify
(which do not give you one event/change and can lose events) and fanotify
(which is synchronous and is used by security-sensitive applications that
need one change per event).

Here are the patchsets:

http://people.redhat.com/~eparis/fsnotify/

Here is some info about it:

http://lwn.net/Articles/339253/

> Google Source search is your friend

or in this case, simply google search. Note it isn't _my_ job to correct
you all the time, it is _yours_.

Just check your facts - each time you start with "it is my understanding"
you were wrong so far.

If I can do it, so can you.

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\
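
An added example, not part of the original message or of libev: because inotify can drop events, a consumer that needs a complete picture has to notice the kernel's IN_Q_OVERFLOW marker in the data it reads and fall back to re-checking the watched files (for instance with stat). The names scan_inotify_buffer, put_event and struct scan_result are hypothetical, and the event buffer is constructed in memory rather than read from a real inotify descriptor.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <sys/inotify.h>

/* Result of scanning one read() worth of inotify data (hypothetical type). */
struct scan_result {
    int events;       /* well-formed events seen */
    int need_rescan;  /* 1 if events were lost or the buffer was truncated */
};

/* Walk a buffer laid out as read() on an inotify fd returns it. */
struct scan_result scan_inotify_buffer(const char *buf, size_t len)
{
    struct scan_result r = {0, 0};
    size_t off = 0;

    while (off < len) {
        struct inotify_event ev;
        if (len - off < sizeof ev) { r.need_rescan = 1; break; }   /* cut header */
        memcpy(&ev, buf + off, sizeof ev);       /* copy out: avoids unaligned reads */
        if (ev.len > len - off - sizeof ev) { r.need_rescan = 1; break; } /* cut name */
        if (ev.mask & IN_Q_OVERFLOW)             /* kernel queue overflowed: events lost */
            r.need_rescan = 1;
        r.events++;
        off += sizeof ev + ev.len;               /* header plus optional file name */
    }
    return r;
}

/* Constructed sample data: append one name-less event header to buf. */
size_t put_event(char *buf, size_t off, int wd, uint32_t mask)
{
    struct inotify_event ev;
    memset(&ev, 0, sizeof ev);
    ev.wd = wd;
    ev.mask = mask;
    memcpy(buf + off, &ev, sizeof ev);
    return off + sizeof ev;
}

int main(void)
{
    char buf[256];
    size_t n = put_event(buf, 0, 1, IN_MODIFY);
    n = put_event(buf, n, -1, IN_Q_OVERFLOW);    /* overflow events carry wd == -1 */
    struct scan_result r = scan_inotify_buffer(buf, n);
    printf("events=%d need_rescan=%d\n", r.events, r.need_rescan);
    return 0;
}
```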


