Inotify PIDs and security.
Looks like my inotify patch was rejected because of a security violation. It may sound like something of a security flaw to allow any process to watch what IO is performed by other processes. Well, it is a valid observation, so I created a new version, which only puts the PID into the inotify message when either the UID of the inotify backend is 0 or it equals the UID of the process doing IO. So far without any comments though.
Since I cannot see how this is a security flaw, and arguing about it would be endless, I accept that this limitation is valid. In the same line of ‘security’ flaws one could place the following small information leak I found in inotify.
In the classical UNIX permission model you are not allowed to get a directory listing if the directory does not have the read permission bit, and not allowed to change into it if it does not have the execute bit. Even if you created the directory yourself, switched your current directory into the newly created one, and then changed its permissions/owner bits, you will be able to see neither its content nor newly created objects in it. Here is an example:
$ mkdir /tmp/test
$ chmod 700 /tmp/test
$ cd /tmp/test
/tmp/test$ ls -lai
total 24
9486756 drwx------  2 zbr  zbr   4096 2008-11-10 15:40 .
 123969 drwxrwxrwt 34 root root 20480 2008-11-10 15:40 ..
/tmp/test$ sudo chown 0.0 .
[sudo] password for zbr:
/tmp/test$ ls -lai
ls: .: Permission denied
/tmp/test$
With inotify you are able to watch what is being done in a directory (or actually in any object) if you were able to attach a watch to its inode. So if the object had read permission when the watch was attached, the watch is not removed when the object's permissions are changed later, and we are still able to watch its content. Like this:
libionotify-1.1$ LD_PRELOAD=./libionotify.so ./inotify -r /tmp/
CREATE: /tmp/test
CREATE: /tmp/test/test1
WRITE : /tmp/test/test1
CREATE: /tmp/test/test2
WRITE : /tmp/test/test2
READ  : /tmp/test/test2
while in parallel we do:
$ mkdir /tmp/test
$ chmod 700 /tmp/test
$ cd /tmp/test
/tmp/test$ sudo chown 0.0 .
/tmp/test$ sudo dd if=/dev/zero of=./test1 bs=4k count=1
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.000326018 seconds, 12.6 MB/s
/tmp/test$ sudo dd if=/dev/zero of=./test2 bs=4k count=1
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.000321779 seconds, 12.7 MB/s
/tmp/test$ sudo cat ./test2
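The same leak reproduced in a single process, as an added example that is not the author's libionotify tool: a watch is added while the directory is readable, the read bit is then dropped so that a listing is denied, and inotify nevertheless reports the name of a file created afterwards. It calls the libc inotify functions through ctypes, so it needs Linux; the temporary directory, the file name and the 0300 mode are constructed for the demonstration, and as root the listing is not denied (DAC bypass), which the result records.

```python
import ctypes
import os
import select
import stat
import struct
import tempfile
from collections import namedtuple

IN_CREATE = 0x00000100               # from <sys/inotify.h>
_EVENT_HDR = struct.Struct("iIII")   # wd, mask, cookie, name length
_libc = ctypes.CDLL(None, use_errno=True)
Result = namedtuple("Result", "event_names listing_denied running_as_root")

def _read_event_names(fd, timeout=2.0):
    """Drain queued inotify events and return the file names they carry."""
    names = []
    while select.select([fd], [], [], timeout)[0]:
        buf = os.read(fd, 4096)
        off = 0
        while off < len(buf):
            _wd, _mask, _cookie, length = _EVENT_HDR.unpack_from(buf, off)
            off += _EVENT_HDR.size
            names.append(buf[off:off + length].split(b"\0", 1)[0].decode())
            off += length
        timeout = 0.1   # anything else already queued arrives at once
    return names

def demo_watch_survives_chmod():
    """Watch a readable directory, drop its read bit (mode 0300: owner may
    create inside but not list), and show inotify still names new files."""
    with tempfile.TemporaryDirectory() as d:   # constructed, mode 0700
        fd = _libc.inotify_init1(0)
        if fd < 0:
            raise OSError(ctypes.get_errno(), "inotify_init1 failed")
        try:
            if _libc.inotify_add_watch(fd, d.encode(), IN_CREATE) < 0:
                raise OSError(ctypes.get_errno(), "inotify_add_watch failed")
            os.chmod(d, stat.S_IWUSR | stat.S_IXUSR)       # --wx------
            try:
                os.listdir(d)
                denied = False      # only root (CAP_DAC_READ_SEARCH) gets here
            except PermissionError:
                denied = True
            open(os.path.join(d, "secret.txt"), "w").close()
            names = _read_event_names(fd)
        finally:
            os.close(fd)
            os.chmod(d, 0o700)      # restore so TemporaryDirectory can clean up
    return Result(names, denied, os.geteuid() == 0)
```

A kernel with the fix proposed below would have to drop or mask the watch at the chmod, and this script would then return an empty event list.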
A fix would be to check the inotify watch list for the given inode when its permissions are changed.
Inotify is watching you!