dmesg errors (sgi_fam)

Daniel J Walsh dwalsh at redhat.com
Thu Mar 18 04:01:37 UTC 2004


Russell Coker wrote:

>On Wed, 17 Mar 2004 22:39, Martin Ebourne <lists at ebourne.me.uk> wrote:
>
>>Russell Coker <russell at coker.com.au> wrote:
>>
>>>The problem is that famd is an application which accepts network
>>>connections, wants read access to every file that any user can access.
>>>If you want to have a secure system you don't want many such programs.
>>
>>Surely it doesn't need access to the file contents - just to stat them, so
>>access to directories (still a security issue, I agree).
>
>Giving access to file names is still a security issue.  If it can run with
>only { getattr search } access to directories and getattr access to files
>then it won't be so bad.  Of course being able to remotely monitor what files
>someone is writing to also provides some issues (and for some files the
>names are predictable).
>
We have turned it off for test2 and intend to have a replacement.
Basically we need one that runs in user space and has access to all
files that the user has access to.  Currently famd does stuff with
portmapper and still requires a network communication even if it is only
allowing localhost.  In FC1 it was locked down to localhost.
We realize that fam provides a needed feature, and are working to
replace it.

Dan

>
>>>Remote famd operation is only for non-polling notifications over the
>>>network. For most people having polling for file status changes on NFS
>>>will probably be OK.
>>
>>I agree with disabling remote famd, but the original post appeared to be
>>disabling the daemon entirely, which I expect would prevent local file
>>monitoring too. Or do gnome/kde use dnotify directly?
>
>I don't think that the command Dan suggested would turn it off entirely.  The
>libfam functionality linked into applications should still do everything you
>want locally.
>
>>Also, I thought RH/Fedora already shipped with remote famd disabled.
>
>Not last time I checked.
>
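As an added illustration of the reduced-privilege famd domain Russell describes above (getattr/search on directories, getattr only on files, no network), here is a hypothetical SELinux type-enforcement fragment. It is not from this thread or from the Fedora policy; the type names `famd_t`, `famd_exec_t`, `user_home_dir_t` and `user_home_t` are assumptions.

```selinux
# Hypothetical famd domain; type names are assumptions, not Fedora's policy.
type famd_t, domain;
type famd_exec_t, file_type, exec_type;

# Transition into famd_t when init runs the famd binary.
domain_auto_trans(initrc_t, famd_exec_t, famd_t)

# Directories: famd may stat them and traverse them to reach a watched path.
# 'read' on dir (listing names) is deliberately omitted, since file names
# are themselves the information Russell is worried about leaking.
allow famd_t user_home_dir_t:dir { getattr search };
allow famd_t user_home_t:dir     { getattr search };

# Files: metadata only (mtime/size for change notification), never contents.
allow famd_t user_home_t:file getattr;

# Local-only operation: assert at policy build time that the domain can never
# be granted a TCP or UDP socket, so a later 'allow' for network access fails
# to compile instead of silently widening the daemon's reach.
neverallow famd_t self:tcp_socket *;
neverallow famd_t self:udp_socket *;
```

A build that still needs portmapper/RPC, as the thread notes the current famd does, would fail on the neverallow lines, which is the point: the rules encode the replacement's requirements, not the current daemon's behaviour.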