[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Dazuko-help] file action in ExampleThr.pl
|
From: |
Gerhard Sittig |
|
Subject: |
Re: [Dazuko-help] file action in ExampleThr.pl |
|
Date: |
Wed, 9 Apr 2008 11:10:03 +0200 |
|
User-agent: |
Mutt/1.5.8i |
* Thomas Alex <address@hidden> [2008-04-08 15:07]:
>
> I startet to play with DaZuKo and the ExampleThr.pl.
> The plain example scripts works fine with printing out the
> $self->{'acc_data'} object in sub CheckAccessData.
>
> My next step is opening the file given by DaZuKo
> ($self->{'acc_data'}->{'filename'}) with external programs (e.g. cat, or
> a virus scanner) using systen("cat $file") or `cat $file`.
>
> After starting the ExampleThr.pl and open a file (e.g. using vim) the
> vim process dies.
> The include scan path is only set to /home/user.
The vim process does not die, but triggers another file access event
which needs to get handled -- while no registered daemon is available
to carry out the decision whether to deny or grant the access. So the
kernel holds the file access until eternity (until the event gets
handled, which won't ever happen). If there are more threads in the
registered daemon, but each will open another external process as the
event occurs, then it doesn't matter how many threads you have -- you
always need one more thread than you have. Using processes instead of
threads won't change the situation.
You can verify the above explanation by dumping the access event
details before starting the external process. The first innocent
access will lead to an event, the daemon receives the details, starts
the external process, which accesses the file, which leads to an
event, which gets handled by another daemon, which starts another
external process, which accesses the file, which leads to an event,
etc etc ...
You need to inspect the file from within the registered daemon or look
into the TAF feature. Registering more processes which only inspect
files but don't handle new events as they occur in the kernel will
lead to other problems.
Out of curiousity: I'm the author of the threaded example, but as is
documented I had to write it "blindly" since I lack access to a Perl
installation with threads support. So I'm interested in feedback
about bugs in or improvements to the example script.
Yours sincerely
Gerhard Sittig
--
Gerhard Sittig, Software Engineer - Avira GmbH
Phone: +49 (0) 7542-500 500
Fax: +49 (0) 7542-500 576
Email: address@hidden
PGP Key-ID: 1024D/BA7A9EE5
PGP Fingerprint: AF29 3CD2 A531 F5A8 5F42 CB9A 1B7F 59F8 BA7A 9EE5
Avira GmbH
Lindauer Strasse 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com
Chief Executive Officer: Tjark Auerbach
Corporate headquarter: Tettnang
Commercial register: Amtsgericht Ulm, HRB 630992
=================================================
New: Avira AntiVir version 8. With faster virus detection and lots of new
features! http://www.avira.com
=================================================
GENERAL TERMS AND CONDITIONS OF TRADE
Our general terms and conditions of trade (GTCT) apply. You can find
them in the respectively valid version at http://www.avira.com/gtct
***************************************************