Robert Love在讨论中解释了为何Linux内核inotify不提供进程和用户信息。从技术上讲,这很容易实现,但他担心这可能导致特性膨胀,并引发安全争议。
[url]http://groups.google.com/group/linux.kernel/browse_thread/thread/3e45bbe4ae4fce5b/d745471e60cd7656?hl=en&#d745471e60cd7656[/url]
在这里 Robert Love 说明了为什么不提供 user 和 process 信息的原因:
[quote]
Hi, Chris.
> On a newsgroup someone was using inotify, but was asking if there was
> any way to also determine which process/user had caused the notification.
> Is this something that would make sense (as an optional bit of
> information) in inotify?
It is definitely something that could be added, technically speaking.
I have been hesitant, though. I do not want feature creep to be a
deterrent to acceptance into the Linux kernel. I also think that there
could be arguments about security. Sending the event is one thing,
telling which pid (and thus what user, etc.) caused the event is
another. For example, we can make the argument that read rights on a
file are tantamount to the right to receive a read event. But can we
say that read rights are enough for a unprivileged user to know that
root at pid 820 is writing the file? I don't know.
I'd add it if there were consensus. I don't know that it makes sense,
though.
Robert Love
[/quote]
在这里 Robert Love 说明了为什么不提供 user 和 process 信息的原因:
[quote]
Hi, Chris.
> On a newsgroup someone was using inotify, but was asking if there was
> any way to also determine which process/user had caused the notification.
> Is this something that would make sense (as an optional bit of
> information) in inotify?
It is definitely something that could be added, technically speaking.
I have been hesitant, though. I do not want feature creep to be a
deterrent to acceptance into the Linux kernel. I also think that there
could be arguments about security. Sending the event is one thing,
telling which pid (and thus what user, etc.) caused the event is
another. For example, we can make the argument that read rights on a
file are tantamount to the right to receive a read event. But can we
say that read rights are enough for a unprivileged user to know that
root at pid 820 is writing the file? I don't know.
I'd add it if there were consensus. I don't know that it makes sense,
though.
Robert Love
[/quote]
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
