site_archiver@lists.apple.com Delivered-To: darwin-kernel@lists.apple.com -- Terry Thanks again, Oli -----Original Message----- From: Quinn [mailto:eskimo1@apple.com] Sent: 29 November 2005 17:18 To: darwin-kernel@lists.apple.com Subject: Re: Using File Operation Scope (KAUTH_SCOPE_FILEOP) No. _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/tlambert%40apple.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-kernel mailing list (Darwin-kernel@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/site_archiver%40lists.a... Primarily because antivirus/antispyware/security auditing/etc. tools need to know when files have been touched and need to be (re)scanned or have some other operation performed. The listener can be used for other applications as well, but this was the primary design intent. You could also implement a file operation listener for reporting similar to the "DEVMON" utility for monitoring Windows FS operations by process doing the operating, per the Doctor Dobb's Journal Article "Examining the Windows 95 Layered File System" by Mark Russinovich and Bryce Cogswell in the December 1995 issue (obviously, you'd want to exempt the monitoring process from monitoring itself by identifying who opens th monitoring device established by the monitor KEXT, if you did this last one). On Nov 29, 2005, at 9:26 AM, Oliver Donald wrote: Thanks for the clarification! I found most of this out myself reading the docs more carefully, but I was still interested to hear why the FILEOP scope was only for notification. At 10:29 +0000 29/11/05, Oliver Donald wrote: But my main question is, why does the KAUTH_SCOPE_FILEOP scope not allow me to deny? That's just the way it's designed. KAUTH_SCOPE_FILEOP is for notification, KAUTH_SCOPE_VNODE is for checking. Is there any chance of this being implemented in the future? My second plan would be to use the KAUTH_SCOPE_VNODE scope, but this is too late, Why do you say that? Vnode scope authorization is requested when the file is opened, not for each individual read or write (that would be /way/ too expensive). A vnode scope listener is the correct place to add extra security checks. In fact, the default listener for the vnode scope is responsible for implementing the system's built-in permissions checking. S+E -- Quinn "The Eskimo!" <http://www.apple.com/developer/

Apple Developer Technical Support * Networking, Communications, Hardware DISCLAIMER: The information contained in this e-mail is confidential and may be privileged. It is intended for the addressee only. If you are not the intended recipient, please delete this e-mail immediately. The contents of this email must not be disclosed or copied without the sender's consent. We cannot accept any responsibility for viruses, so please scan all attachments. The statements and opinions expressed in this message are those of the author and do not necessarily reflect those of the company. The company does not take any responsibility for the views of the author. This email sent to tlambert@apple.com This email sent to site_archiver@lists.apple.com