Re: File change notification

[John Ogness]

On 01/01/04 09:58, Dave Jones wrote:
> On Thu, Jan 01, 2004 at 09:28:08AM +0800, Michael Clark wrote:
> > Have you had a look at dazuko. It provides a consistent file access
> > notification mechanism (and also intervention for denying access)
> > across linux and freebsd. It is currently being used by various
> > on-access virus scanners. It is under active development and
> > supports 2.6 (and 2.4)
>
> Candidate for "Wackiest sys_call_table patching 2004".
> In a word "ick". Code not to be read on a full stomach.

Hi,

I am the current maintainer of Dazuko. Could you please explain your 
"wackiest 2004" comment? Do you know of a better way to intercept system 
calls for 2.2/2.4 kernels *without* patching the kernel source?

System call hooking is all-around ugly, but unfortunately most operating 
systems don't provide a real mechanism for file access control. With the 
2.6 kernel, Dazuko uses LSM. This is much more elegant and much safer. 
Yes, users have to turn LSM on, but this does not require kernel patches 
(and many distributions are turning this feature on by default).

I would appreciate any feedback you may have about how it could be 
improved. Keep in mind, I refuse to do anything that requires kernel 
source patching.

John Ogness

--
Dazuko Maintainer

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/