On Thu, Jan 6, 2011 at 1:11 PM, Falk Hackenberger <deb...@spam.huckley.de> wrote: >> BTW and OT this behavior is racy, could be better to add an xattr with >> the last scanning time to the file and compare it ? > > http://olivier.sessink.nl/scannedonly/faq.html says: > Extended filesystem attributes could have been an option. They take as > much space as the 0 byte .scanned: files, and a lookup is quick and has > little overhead. However, lots of filesystems do not support extended > attributes, so this would limit the usability of the module.
Ok I understand but it is insecure at least create a random secret extension. And filter this extension. A malicious user could try to race with the daemon, creating a .scanned file and an infected file. sometime it will succeed and the file will be declared sane whereas it is not sane. It is really bad for a security tool to create a false sense of security... And this behavior could be enforced like this: fd = open(somefille...) errno = 0; s = flistxattr(fd,...) if(errno == ENOTSUP && notstrictsaned) fallbacktosandefile(fd); with fallbacktosanedfile(fd) check the availlibilty of a .sanedXXXXX file where XXXX is a secret on the server Bastien -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
