The author seems to be under the misimpression that CreateFile() is only used whenever the user opens a file. "I opened a file in Photoshop, that called CreateFile() once, right?"
Have fun waiting about 1.9 hours for gimp to start up, let alone doing something useful with the software :)
For those who aren't familiar (like the author :P) and are wondering wtf Gimp opens seven thousand files for, here's a random sample:
$ strace -e trace=file gimp |& shuf | head
openat(AT_FDCWD, "/usr/share/gimp/2.0/tool-presets/Paint/Bristles.gtp", O_RDONLY) = 12
access("/usr/share/themes/Adwaita/gtk-2.0/assets/scrollbar-horz-slider.png", F_OK) = 0
lstat("/usr/share/gimp/2.0/patterns/Food/java.pat", {st_mode=S_IFREG|0644, st_size=12317, ...}) = 0
openat(AT_FDCWD, "/usr/share/gimp/2.0/icons/Symbolic/scalable/apps/gimp-tool-perspective-clone.svg", O_RDONLY) = 12
access("/etc/fonts/~/.fonts.conf.d", R_OK) = -1 ENOENT (No such file or directory)
lstat("/usr/share/gimp/2.0/icons/Symbolic/scalable/apps/gimp-reset.svg", {st_mode=S_IFREG|0644, st_size=7762, ...}) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libwebp.so.6", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/usr/share/gimp/2.0/patterns/Sky/starfield.pat", O_RDONLY) = 12
openat(AT_FDCWD, "/usr/share/gimp/2.0/patterns/Legacy/pastel.pat", O_RDONLY) = 12
stat("/usr/share/gimp/2.0/icons/Symbolic/32x32/stock/form", 0x7ffcc15bcea0) = -1 ENOENT (No such file or directory)
So a combination of tools built into gimp, the icon to use for the window, font files, button icons, you name it.
(To be fair, not all of these are "read this file" calls. A lot of these are "does this file even exist" ($PATH searches) and such. But I think the point about one per second still stands. How many still-relevant documents do you have? A few thousand? Any rate limit that is usable is going to allow encrypting that before you open your next document tomorrow morning and notice the problem. Heck, at one per second you're going to be screwed after a night of encrypting!)
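To make the "not all of these are reads" point concrete, here is an added example (not from this thread or from any commenter) that parses `strace -e trace=file` output and sorts each line into existence/metadata probes, read-only opens, and opens with write or create flags, which is the class a ransomware-oriented rate limit would actually care about. The sample lines are constructed to match the shape of the ones quoted above; the regexes and the `hours_at_rate` helper are this example's own, not anything strace provides.

```python
"""Classify `strace -e trace=file` lines by what they do to the filesystem.

Added example; the sample trace below is constructed to mirror the shape of
the lines quoted in the thread.
"""
import re
from collections import Counter

# Constructed sample in the shape of `strace -e trace=file` output.
SAMPLE = """\
openat(AT_FDCWD, "/usr/share/gimp/2.0/tool-presets/Paint/Bristles.gtp", O_RDONLY) = 12
access("/usr/share/themes/Adwaita/gtk-2.0/assets/scrollbar-horz-slider.png", F_OK) = 0
lstat("/usr/share/gimp/2.0/patterns/Food/java.pat", {st_mode=S_IFREG|0644, st_size=12317, ...}) = 0
openat(AT_FDCWD, "/usr/share/gimp/2.0/icons/Symbolic/scalable/apps/gimp-tool-perspective-clone.svg", O_RDONLY) = 12
access("/etc/fonts/~/.fonts.conf.d", R_OK) = -1 ENOENT (No such file or directory)
lstat("/usr/share/gimp/2.0/icons/Symbolic/scalable/apps/gimp-reset.svg", {st_mode=S_IFREG|0644, st_size=7762, ...}) = 0
openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libwebp.so.6", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/usr/share/gimp/2.0/patterns/Sky/starfield.pat", O_RDONLY) = 12
openat(AT_FDCWD, "/usr/share/gimp/2.0/patterns/Legacy/pastel.pat", O_RDONLY) = 12
stat("/usr/share/gimp/2.0/icons/Symbolic/32x32/stock/form", 0x7ffcc15bcea0) = -1 ENOENT (No such file or directory)
"""

# syscall name, its argument list, the integer return value, and an optional errno name
LINE_RE = re.compile(
    r'^(?P<call>[a-z_0-9]+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<errno>[A-Z]+))?'
)
PATH_RE = re.compile(r'"(?P<path>[^"]*)"')            # first quoted argument is the path
FLAGS_RE = re.compile(r'\bO_[A-Z0-9_]+(?:\|O_[A-Z0-9_]+)*')  # e.g. O_RDONLY|O_CLOEXEC

OPEN_CALLS = {"open", "openat", "creat"}
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC"}


def parse_line(line):
    """Return a dict for one strace line, or None if it is not a file call."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    p = PATH_RE.search(m.group("args"))
    if not p:
        return None
    f = FLAGS_RE.search(m.group("args"))
    flags = set(f.group(0).split("|")) if f else set()
    return {
        "call": m.group("call"),
        "path": p.group("path"),
        "flags": flags,
        "ret": int(m.group("ret")),
        "errno": m.group("errno"),
    }


def classify(rec):
    """Bucket a parsed record: opens by intent, everything else as a probe."""
    failed = rec["ret"] < 0
    if rec["call"] in OPEN_CALLS:
        if failed:
            return "open_failed"
        return "write_open" if rec["flags"] & WRITE_FLAGS else "read_open"
    # access/stat/lstat/readlink and friends only ask whether something exists
    return "probe_missing" if failed else "probe_ok"


def summarize(trace_text):
    """Count each category and the number of distinct paths touched."""
    counts = Counter()
    paths = set()
    for line in trace_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        counts[classify(rec)] += 1
        paths.add(rec["path"])
    return {"total": sum(counts.values()), "counts": dict(counts),
            "distinct_paths": len(paths)}


def hours_at_rate(n_calls, per_sec=1.0):
    """How long n_calls take if a limiter allows per_sec of them per second."""
    return n_calls / per_sec / 3600.0


if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s)
    # the thread's figure: about seven thousand file calls at one per second
    print(f"7000 calls at 1/s = {hours_at_rate(7000):.2f} h")
```

Run it against a real capture with `strace -f -e trace=file -o gimp.trace gimp` and feed the file to `summarize`; the interesting number for a rate-limit design is `write_open`, which for an idle application start is usually tiny next to the read and probe buckets.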
He accounts for this with signed applications, and user overrides for non-signed applications. Just like how macOS allows signed applications to run, and (more difficultly than necessary) non-signed ones to run if you approve them.
> There will need to be a way to exempt programs (like compilers and backup tools), and maybe that needs to be issued globally, which means a process for software creators to get a special certificate
Heck no.