Re: Blocking file access within KAUTH
- Subject: Re: Blocking file access within KAUTH
- From: Terry Lambert <email@hidden>
- Date: Sun, 25 Nov 2007 04:42:10 -0800

On Nov 25, 2007, at 12:30 AM, Damir Dezeljin <email@hidden> wrote:
Terry, Michael: thanks, your posts were really helpful even if my
mail was hard to understand -> was writing just before going to bed :)
Anyway I'll try to clarify my use case a bit better:
Let's say I'm implementing a virus scanner and I want to perform some
actions only when (before) the file data is being accessed. So,
ideally I would skip all directory listing or chmod-s, renames and
other operations not requiring file data. As I understood it is not
possible to distinguish between all such operations, but I have to
deal with the VNODE action bit mask and make my decision depending on
results (well, first I have to check if the VNODE is a file ...). So
far so good -> I'm going to do some more testing and I guess I'll
return with additional questions later on.
BTW: I don't really care about the path I get from the VNODE. The
only important thing is I will be able to open the resolved path in
user space and scan the file.

I've been considering an "open vnode vp in process q" function for a
while now. There are a number of uses for something like this. If you
could file an enhancement request and link it to a real performance
issue for you, it'd help considerably. Make sure you indicate that
it's a "kernel KPI enhancement request" in the first sentence, as
that will get it routed faster.

Depending on results, I'll block the file access. I'm concerned
about performance and results of my approach for cases Michael
described:
----
there isn't an operation actually in progress, but someone wants to
know whether it would be permitted. You may want to ignore operations
with this bit set for performance reasons, but be aware that it may
give odd results.
----
I have some questions not directly related to the subject:
- I have just one Mac available right now. I'm using it for
developing and testing too. This makes it hard to track down kernel
(my KEXT) deadlocks as I had to reset it a lot of times already :)
I'm wondering if it is possible to debug the kernel remotely using a
Linux / Windows box?

Possible, but there are no cookbooks for it. We generally expect you to
have a bunch of Macs. 8-).

Or is it possible to run Darwin on a normal PC (not Mac) - I'm
pretty sure it is, but I don't know if it is possible compiling or
just loading KEXT-s on such installations.

This works. You have to have all your symbol files etc. over there,
but gdb is pretty much gdb, and you don't need GUI code for it.

- I'm still confused by the means for obtaining certain functions'
documentation. E.g. I used sources as well as list posts and a PDF to
understand what msleep() actually does. Is there anything I could
install to get 'man msleep' working?

Not really, no. We don't have a man(9) section for KPIs. We do have
developer documentation at <http://developer.apple.com> as well as
tech notes.
I did a huge amount of documenting in block comments in the source
code for Leopard (think Amit got early access to at least the UBC
documentation for his book, since the only thing that really changed
there was the per thread creds), but obviously, didn't get to
everything. It's likely to be an iterative process. That should help
some, particularly for credentials, kauth, and the like.
-- Terry
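
The filtering discussed in this thread (check the vnode type first, act only on data-access bits, and choose a policy for advisory checks), as an added user-space model that is not code from the thread or from Apple. The bit values are mirrored from xnu's `<sys/kauth.h>`; `enum model_vtype`, `enum scan_decision` and `classify()` are hypothetical names, and the sample requests are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit values mirrored from xnu's <sys/kauth.h> so this builds in user space;
 * a KEXT includes that header instead of redefining them. */
#define KAUTH_VNODE_READ_DATA        (1U << 1)  /* LIST_DIRECTORY on a directory */
#define KAUTH_VNODE_WRITE_DATA       (1U << 2)  /* ADD_FILE on a directory */
#define KAUTH_VNODE_EXECUTE          (1U << 3)  /* SEARCH on a directory */
#define KAUTH_VNODE_WRITE_ATTRIBUTES (1U << 8)  /* attribute change: no file data touched */
#define KAUTH_VNODE_ACCESS           (1U << 31) /* advisory "would this be allowed?" */

#define DATA_BITS (KAUTH_VNODE_READ_DATA | KAUTH_VNODE_WRITE_DATA | KAUTH_VNODE_EXECUTE)

/* Hypothetical stand-ins for the vnode type a listener gets from vnode_vtype(). */
enum model_vtype { MODEL_VREG, MODEL_VDIR, MODEL_VLNK };

enum scan_decision { SKIP_NOT_FILE, SKIP_NO_DATA, SKIP_ADVISORY, SCAN };

/* Decide whether a vnode-scope request needs a scan before it is answered.
 * scan_advisory = 0 trades coverage for speed on advisory checks. */
enum scan_decision classify(enum model_vtype type, uint32_t action, int scan_advisory)
{
    if (type != MODEL_VREG)            /* type first: data bits are reused for dirs */
        return SKIP_NOT_FILE;
    if ((action & DATA_BITS) == 0)     /* attribute/security-only request */
        return SKIP_NO_DATA;
    if ((action & KAUTH_VNODE_ACCESS) && !scan_advisory)
        return SKIP_ADVISORY;
    return SCAN;
}

int main(void)
{
    /* Constructed sample requests, not captured from a real system. */
    struct { const char *what; enum model_vtype t; uint32_t a; } req[] = {
        { "read file",      MODEL_VREG, KAUTH_VNODE_READ_DATA },
        { "list directory", MODEL_VDIR, KAUTH_VNODE_READ_DATA },
        { "set attributes", MODEL_VREG, KAUTH_VNODE_WRITE_ATTRIBUTES },
        { "advisory check", MODEL_VREG, KAUTH_VNODE_READ_DATA | KAUTH_VNODE_ACCESS },
    };
    static const char *names[] = { "skip (not a file)", "skip (no data access)",
                                   "skip (advisory)", "scan" };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("%-15s -> %s\n", req[i].what, names[classify(req[i].t, req[i].a, 0)]);
    return 0;
}
```

In a real vnode-scope listener, every skip outcome would map to returning `KAUTH_RESULT_DEFER`, so the listener expresses no opinion on requests it does not scan.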