Re: Determining specific file sessions
- Subject: Re: Determining specific file sessions
- From: Michael Smith <email@hidden>
- Date: Tue, 22 Jul 2008 08:04:05 -0700
On Jul 22, 2008, at 5:59 AM, Jernej Azarija wrote:

> in my current project I'm using Kauth for a security application. Part
> of the application deals with file operation checking and therefore
> uses KAUTH_SCOPE_VNODE.
>
> It is required for the application to exactly know when a specific
> process open/closed a file. For example, the file `foo.bar' may be
> accessed by many processes each holding more than one file descriptor
> associated with the given file. It is therefore not enough to know the
> time a file was opened/closed as it may relate to different processes
> and/or file descriptors within the process.
>
> The only valid idea I could think of to distinguish between various
> instances of opened files is to relate each open session with the
> process ID and process FD associated with the file. To my
> knowledge, this is impossible within the VNODE scope, and I'm afraid
> there is no legal way to do it either (am I right?).
>
> I'd be really thankful if someone could tell me if there is a way to
> achieve what I've specified, or alternatively another way to get the
> same result (either in kernel or user mode).

Firstly, you need to be aware that applications may obtain a file
descriptor referencing a file by several methods, including:
- opening the file
- being the child of a process that opened the file
- receiving the file descriptor from another process
- duplicating the descriptor from another already held
If you want to track all of these things, your best bet is going to be
to interpose libSystem in user space.
= Mike
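
The point of the list above, as an added example that is not part of the original post: after a single open (here via `mkstemp`), a child process ends up with three descriptors for the same open file (inherited, duplicated, and received over a UNIX socket) without ever calling `open()`, so open/close events alone cannot tell them apart. The names `xfer_fd` and `refs_from_one_open` and the temporary file path are hypothetical, chosen for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Send (sending=1) or receive (sending=0) one descriptor over a UNIX socket. */
static int xfer_fd(int sock, int fd, int sending) {
    char byte = 'x';
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctl = { .buf = {0} };
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (sending) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
        return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &msg, 0) != 1 || !(c = CMSG_FIRSTHDR(&msg)) ||
        c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* One open (mkstemp); returns how many child descriptors share that open file. */
int refs_from_one_open(void) {
    char path[] = "/tmp/fd_demo.XXXXXX";    /* constructed sample file */
    int sv[2], status = 0, fd = mkstemp(path);
    if (fd < 0 || unlink(path) || write(fd, "hello", 5) != 5 ||
        socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    if (fork() == 0) {                      /* child never opens the file */
        close(sv[0]);
        int n = 0, fds[3] = { fd, dup(fd), xfer_fd(sv[1], -1, 0) };
        for (int i = 0; i < 3; i++)         /* offset 5 => same open file */
            n += fds[i] >= 0 && lseek(fds[i], 0, SEEK_CUR) == 5;
        _exit(n);
    }
    xfer_fd(sv[0], fd, 1);
    close(sv[0]); close(sv[1]); close(fd);
    wait(&status);
    return WEXITSTATUS(status);
}

int main(void) {
    printf("descriptors sharing one open(): %d\n", refs_from_one_open());
}
```

A monitor that wants per-process, per-descriptor sessions has to observe `fork`, `dup` and descriptor passing as well as `open` and `close`.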