CN115688187B - Method, device and equipment for safety management of hard link data and storage medium - Google Patents

Publication number: CN115688187B
Authority: CN (China)
Prior art keywords: entity file, file, hard link, entity, security
Legal status: Active
Application number: CN202310005263.0A
Other languages: Chinese (zh)
Other versions: CN115688187A
Inventor: name not disclosed at the inventor's request
Current assignee: Nfs China Software Co ltd
Original assignee: Nfs China Software Co ltd

Events: application filed by Nfs China Software Co ltd; priority to CN202310005263.0A; publication of CN115688187A; application granted; publication of CN115688187B; legal status active; anticipated expiration.

Classification: Information Retrieval, Db Structures And Fs Structures Therefor

Abstract

The application provides a method and device for the security management of hard link data, an electronic device and a computer-readable storage medium. The method includes: reading the process information of a process running in a namespace; acquiring the entity file corresponding to the process from a local storage area; analysing the entity file and obtaining the link reference value (link count) of the entity file from the analysis result; and, when the link reference value shows that the process is a hard-link executable process, performing a uniqueness security check on the entity file of that process to obtain a check result. By locating the entity file of a process in the namespace, analysing it to obtain its real link reference value and using that value to decide whether the entity file is a hard-linked executable, the method can identify exactly which processes in the current namespace were started from hard-linked executables, so that subsequent security management of those executables becomes possible.

Description

Method, device and equipment for safety management of hard link data and storage medium
Technical Field
The present application relates to the field of computer technology, and in particular to a method and apparatus for the security management of hard link data, an electronic device, and a computer-readable storage medium.
Background
A namespace is, in general, a mechanism for scoping names so that the same identifier can be used by different code without conflict when the code is used at the same time. In the operating-system sense used throughout this application, a namespace is the isolated environment (with its own working path, or root) inside which a set of processes runs, such as a Linux kernel namespace.
Currently, a hard-linked executable file can be run inside a namespace environment to become a process; the operating-system kernel can call a read function to determine which processes are currently running in the namespace, obtain information about them, and apply security management to the entity file corresponding to each process.
However, in the current scheme the information read from the namespace lacks the real information about the entity file, so kernel code has difficulty identifying whether a process running in the namespace is a hard-link process, and consequently has difficulty performing security identification of the entity file corresponding to a hard-link process.
Disclosure of Invention
The embodiments of the application provide a method and apparatus for the security management of hard link data, aiming to solve the problem in the prior art that, because kernel code has difficulty identifying whether a process running in a namespace is a hard-link process, it is difficult to perform security identification of the entity file corresponding to a hard-link process.
In a first aspect, an embodiment of the present application provides a method for security management of hard link data, where the method includes:
reading the process information of a process running in a namespace;
acquiring, according to the process information, the entity file corresponding to the process from a local storage area;
analysing the entity file and obtaining, from the analysis result, the link reference value corresponding to the entity file;
and, when the link reference value shows that the process is a hard-link executable process, performing a uniqueness security check on the entity file corresponding to the hard-link executable process to obtain a check result.
In a second aspect, an embodiment of the present application provides an apparatus for security management of hard link data, where the apparatus includes:
a process reading module, for reading the process information of a process running in the namespace;
a file acquisition module, for acquiring, according to the process information, the entity file corresponding to the process from a local storage area;
an analysis module, for analysing the entity file and obtaining, from the analysis result, the link reference value corresponding to the entity file;
and a check module, for performing, when the link reference value shows that the process is a hard-link executable process, a uniqueness security check on the entity file corresponding to the hard-link executable process to obtain a check result.
In a third aspect, an embodiment of the present application further provides an electronic device, including a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the method of the first aspect.
In a fourth aspect, the present embodiments also provide a computer-readable storage medium, where instructions, when executed by a processor of an electronic device, enable the electronic device to perform the method of the first aspect.
Without changing the process running logic in the current namespace, the embodiments of the application provide a way to identify the type of a process's entity file in the namespace: the entity file corresponding to a process in the namespace is obtained, analysed to obtain its real link reference value, and that value is used to judge whether the entity file is a hard-linked executable. Which processes in the current namespace were started from hard-linked executables can thus be identified accurately, and subsequent security management of those executables becomes possible.
The foregoing is only an overview of the technical solution of the present application. So that the technical means of the application can be understood more clearly and implemented according to this description, and so that the above and other objects, features and advantages become more apparent, a detailed description of the application follows.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention; a person skilled in the art can obtain other drawings from them without inventive effort.
Fig. 1 is a diagram of an implementation scenario provided by an embodiment of the present application;
Fig. 2 is a flowchart of the steps of a method for the security management of hard link data according to an embodiment of the present application;
Fig. 3 is a flowchart of the specific steps of a method for the security management of hard link data according to an embodiment of the present application;
Fig. 4 is a logic interaction diagram of a method for the security management of hard link data according to an embodiment of the present application;
Fig. 5 is a block diagram of a device for the security management of hard link data according to an embodiment of the present application;
Fig. 6 is a block diagram of an apparatus of the present application;
Fig. 7 is a schematic diagram of a server in some embodiments of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
The terms first, second and the like in the description and in the claims of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the application may be practiced in sequences other than those illustrated or described herein, and that the terms "first," "second," and the like are generally used herein in a generic sense and do not limit the number of terms, e.g., the first term can be one or more than one. Furthermore, the term "and/or" as used in the specification and claims to describe an associative relationship of associated objects means that there may be three relationships, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. In the embodiments of the present application, the term "plurality" means two or more, and other terms are similar thereto.
Referring to Fig. 1, an implementation scenario diagram provided by an embodiment of the present application, the electronic device may include a kernel system, a namespace, a local storage area (also referred to as the local storage slice area), a logic judgment module and a check module.
The kernel is the most basic part of the operating system: it is the software that gives application programs controlled access to the computer hardware, deciding when and for how long a program may operate on a given piece of hardware. The kernel system consists mainly of five subsystems: process scheduling, memory management, the virtual file system, the network interface (NET) and inter-process communication.
A namespace classifies and separates different code and resources so that items with the same name in different namespaces do not conflict with each other when used at the same time. A namespace is therefore effectively a declarative region: it defines the visible range of an identifier, and an identifier defined in several namespaces has a separate, unrelated meaning in each. In the embodiments of the present application the namespace is the operating-system construct in which processes run with their own working path, and an executable entity file stored in the local storage area can be run and started as a process inside it.
In the related art, when a hard-linked executable file is run in a namespace, a hard-link executable process is generated, but the namespace does not obtain the real link reference value of the hard-linked executable file (the link reference value being what is used to judge whether the process is a hard-link process). When process information is displayed in the namespace, the native kernel code logic of the related art, not having acquired the real link reference value, shows a default link reference value (usually 1) in the process information of the hard-link executable process. As a result the process information shown in the namespace cannot tell whether a process was obtained by running a hard-linked executable or an ordinary executable, and because of this defect in identifying the entity file type, the subsequent security check of the entity file of a hard-link executable process is hard to carry out.
To solve this problem, in the embodiments of the present application the process information of the processes running in the namespace is read through a kernel function, the entity file corresponding to each process is acquired from the local storage area according to that process information, the entity file is analysed and its real link reference value is obtained from the analysis result. The logic judgment module decides from the link reference value whether a process running in the namespace is a hard-link executable process: by the definition of a hard link, a link reference value greater than 1 means the process corresponds to a hard-linked executable. Finally, the check module performs a uniqueness security check on the entity file of every process the logic judgment module has classified as a hard-link executable process, which realises security management of those entity files.
In summary, the embodiments of the present application provide a way to identify the type of a process's entity file in the namespace without changing the process running logic in the current namespace: the entity file corresponding to a process in the namespace is obtained, analysed to obtain its real link reference value, and that value is used to judge whether the entity file is a hard-linked executable. Which processes in the current namespace were started from hard-linked executables can thus be identified accurately, and subsequent security management of those executables becomes possible.
Fig. 2 is a flowchart of the steps of a method for the security management of hard link data according to an embodiment of the present application, applied to a server. As shown in Fig. 2, the method may include:
Step 101: reading the process information of a process running in a namespace.
In the embodiments of the present application the concept of a hard link is explained in detail first:
A hard link links file names through an index node (inode). The inode holds the file's metadata (owner user ID, group, permissions, timestamps, link reference value, data block locations, etc.), and every file has an inode. Inodes are stored in a region of the local storage area reserved for them (the inode table), and each inode has an inode number (index node identifier) by which the kernel system identifies it. To locate a file, the kernel system first finds the file's inode number, then finds the inode through that number, and finally finds the file's data through the storage locations recorded in the inode.
On Linux, several file names may share one inode number; this situation is called a hard link. File names with the same inode number point to the same file, i.e. one file has two (or more) names, and the number of distinct names linked to a file is recorded by the link reference value (link count) in the inode. Moving or deleting one name does not break the other names, because each name references the file's data through the inode rather than through a location in the directory tree. Because all names share one inode, they also share one set of ownership and permission bits: a hard link grants no access that the original name did not already grant (on Linux with fs.protected_hardlinks enabled, a user may only create a hard link to a file they own or can both read and write). A hard link does not reveal where the other names of the file are located. If a file that still has other hard links is deleted, its data remains until the last name referencing it has been removed. Hard links cannot span file systems and, on Linux, cannot be created to directories.
Advantages of hard links include: (1) protection against accidental deletion, since the file is only removed after every name pointing at it has been deleted; (2) several file names, in the same directory or in different directories, can be used to modify the same file, and after a modification through any name all of the names see the modified content.
From this definition, a hard-linked file is a file linked to two or more distinct file names, and its link reference value reflects the number of names linked to it. The embodiments of the application therefore identify whether the entity file of a process in the namespace is a hard-linked executable by acquiring the real link reference value of the file.
In this step, the process information of the processes running in the namespace is read first. Specifically, which processes are running in the namespace, and their process information, can be determined through a namespace-related read function.
Step 102: acquiring, according to the process information, the entity file corresponding to the process from the local storage area.
In the embodiments of the application, after the process information of a process running in the namespace has been obtained, the kernel system can acquire the entity file corresponding to that process from the local storage area according to the process information. Specifically, the kernel system obtains, through a path-reading function, the absolute path of the entity file in the local storage area. The absolute path reflects the real and complete storage path of the entity file in the local storage area; through it the directory in which the entity file is stored can be found and the entity file in that directory obtained.
In the running mechanism of the native kernel system the entity file of a process running in the namespace is stored in a fixed directory, for example /var/lib/test/usr/bin/test.sh. Once the entity file is running as a process in the namespace, however, the process information read from the namespace yields only the relative path of the entity file (the part of the absolute path left after the namespace's working path is removed), for example "sh". It is hard to locate the entity file accurately through the relative path shown by the namespace, whereas the kernel system can obtain the absolute path of the entity file directly through the path-reading function and so locate the file exactly.
Step 103: analysing the entity file and obtaining, from the analysis result, the link reference value corresponding to the entity file.
In the embodiments of the application, once the entity file has been located it can be analysed; the inode corresponding to the entity file is obtained from the analysis result, and the link reference value of the entity file is then read from that inode.
It should be noted that when process information is displayed in the namespace, the native kernel code logic does not obtain the real link reference value of a process's entity file when the process is run in the namespace; it shows a default link reference value (usually 1) in the process information instead. The process information displayed in the namespace therefore cannot tell whether a process was obtained by running a hard-linked executable or an ordinary executable. The present method instead locates the entity file of the process running in the namespace and obtains its real link reference value from the analysis of the entity file, so that the real value can subsequently be used to identify whether a process in the namespace was started from a hard-linked executable.
Step 104: when the link reference value shows that the process is a hard-link executable process, performing a uniqueness security check on the entity file corresponding to the hard-link executable process to obtain a check result.
By the definition above, a hard-linked file is a file linked to two or more distinct file names, and its link reference value reflects the number of names linked to it. In the embodiments of the present application, therefore, whether a process running in the namespace is a hard-link executable process can be judged from the real link reference value of its entity file obtained in step 103; the judgment logic is that when the real link reference value of the entity file is greater than 1, the process corresponding to the entity file is a hard-link executable process.
Further, from the perspective of security management, an entity file stored in the local storage area should be uniquely identifiable. In the namespace's running environment a hard-linked file has several names, all of those names have the same inode number, and the link reference values shown in the process information are all the default value (such as 1); a uniqueness security check of hard-linked executable files is therefore needed to realise security management. The uniqueness security check aims to verify that the content of the entity file corresponding to a hard-link executable process is unique and consistent, preventing events such as tampering with or replacement of the file content that would affect data security.
It should be noted that the embodiments of the present application apply to hardware devices using the Linux kernel that can run a Linux operating system normally.
In summary, the embodiments of the present application provide a way to identify the type of a process's entity file in the namespace without changing the process running logic in the current namespace: the entity file corresponding to a process in the namespace is obtained, analysed to obtain its real link reference value, and that value is used to judge whether the entity file is a hard-linked executable. Which processes in the current namespace were started from hard-linked executables can thus be identified accurately, and subsequent security management of those executables becomes possible.
Fig. 3 is a flowchart of the specific steps of a method for the security management of hard link data according to an embodiment of the present application. As shown in Fig. 3, the method may include:
Step 201: obtaining the process information of the processes running in the namespace by calling the exec function of the namespace.
In the embodiments of the present application the process information of the processes running in the namespace can be obtained by calling the exec function of the namespace. The exec function provides a way of starting another program for execution within a process and can locate an executable process according to a specified file name or directory name; by running the exec function, all processes running in the namespace are found and their process information is shown.
Step 202: obtaining, according to the process information, the absolute path of the entity file corresponding to the process in the local storage area by calling a path-reading function of the kernel space.
In the running mechanism of the native kernel system, the process information of a process running in the namespace yields only the relative path of the entity file, and because the relative path is incomplete the entity file cannot be found directly from it. In the embodiments of the application the absolute path of the entity file in the local storage area is obtained from the process information by calling a path-reading function of the kernel space, after which the entity file stored in the local storage area can be located accurately.
Step 203: extracting the entity file from the local storage area according to the absolute path.
Once the absolute path of the entity file is known, the entity file can be extracted directly from the local storage area. Specifically, the entity file may be obtained with a file() function of the kernel system that reads the whole file into an array, i.e. returns the entity file as an array.
Step 204: analysing the entity file to obtain the inode number corresponding to the entity file.
In the embodiments of the application, the attribute information of the entity file is obtained by analysing it, and that attribute information contains the inode number (index node identifier) corresponding to the entity file. As explained above, a hard link links entity files through an inode: every entity file has an inode, the inode has an inode number by which the kernel system identifies it, and the link reference value in the inode reflects the number of file names linked to the entity file.
To judge whether the entity file corresponding to a process running in the namespace is a hard-linked executable, the embodiments of the application first obtain the inode number of the entity file, so that the inode can then be found through that number and the link reference value, which decides whether the entity file is a hard-linked executable, can be read from the inode.
Step 205: obtaining the inode file corresponding to the entity file according to the inode number.
In this step, once the inode number is known, the inode file corresponding to the entity file is obtained from the inode table of the local storage area, the region in which inodes are stored.
Step 206: analysing the inode file to obtain the link reference value corresponding to the entity file.
In this step the inode file is parsed to obtain the metadata of the entity file, which includes the entity file's real link reference value.
Step 207: determining that the process is a hard-link executable process when the link reference value of the entity file corresponding to the process is greater than 1.
By the definition above, a hard-linked file is a file linked to two or more distinct file names, and its link reference value reflects the number of names linked to it. The embodiments of the application can therefore judge whether a process running in the namespace is a hard-link executable process from the real link reference value of its entity file; the judgment logic considers the process corresponding to the entity file to be a hard-link executable process when the real link reference value of the entity file is greater than 1.
Step 208: when the link reference value shows that the process is a hard-link executable process, performing a uniqueness security check on the entity file corresponding to the hard-link executable process to obtain a check result.
This step is the same as step 104 and is not described again here.
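The procedure of steps 101 to 104 above, and its detailed form in steps 201 to 207 (enumerate the processes, resolve the absolute path of each process's entity file, read the link count from the inode, and classify a link count greater than 1 as a hard-linked executable), can be exercised from user space as follows. This is an added example and not code from the patent or from Nfs China Software Co ltd: instead of the exec function and the kernel-space path-reading function the patent describes, it walks a /proc-style tree and uses readlink() and stat() on the <pid>/exe link, which is how the same inode data (st_ino, st_nlink) is reached from user space on Linux. The build_demo() helper constructs a throwaway root filesystem with a plain executable, a hard-linked executable and a fake proc tree pointing at them, so the block runs offline; all paths, PIDs and file contents in it are made up.

```python
"""Identify processes whose executable (entity file) is reachable under more
than one name, i.e. whose inode has a link reference value (st_nlink) > 1.

Added example; not the patent's kernel implementation. It walks a /proc-style
tree from user space, so it can be pointed at a constructed fake tree
(build_demo) as well as at the real /proc on Linux."""
from __future__ import annotations

import os
import stat
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass(frozen=True)
class ExeInfo:
    pid: int
    exe_path: str   # absolute path reported by <proc>/<pid>/exe
    inode: int      # inode number (index node identifier)
    nlink: int      # link reference value read from the inode

    @property
    def is_hard_linked(self) -> bool:
        # A regular file with more than one directory entry pointing at its
        # inode is, by definition, a hard-linked file.
        return self.nlink > 1


def inspect_exe(proc_root: str, pid: int) -> ExeInfo | None:
    """Resolve <proc_root>/<pid>/exe to the entity file and read its inode data."""
    exe_link = os.path.join(proc_root, str(pid), "exe")
    try:
        target = os.readlink(exe_link)   # absolute path of the entity file
        # stat() follows the link, so on a real /proc the inode data comes from
        # the running binary itself even when the reported path is not
        # resolvable from the caller's root (e.g. another mount namespace).
        st = os.stat(exe_link)
    except OSError:
        return None   # kernel thread, exited process, or no permission
    if target.endswith(" (deleted)") or not stat.S_ISREG(st.st_mode):
        return None   # entity file no longer on disk, or not a regular file
    return ExeInfo(pid, target, st.st_ino, st.st_nlink)


def scan(proc_root: str = "/proc") -> list[ExeInfo]:
    """Read process information for every numeric entry under proc_root."""
    pids = sorted(int(name) for name in os.listdir(proc_root) if name.isdigit())
    found = []
    for pid in pids:
        info = inspect_exe(proc_root, pid)
        if info is not None:
            found.append(info)
    return found


def hard_linked_exes(proc_root: str = "/proc") -> list[ExeInfo]:
    """Processes started from a hard-linked executable (link count > 1)."""
    return [info for info in scan(proc_root) if info.is_hard_linked]


def build_demo(root: str | None = None) -> str:
    """Construct a fake root filesystem and proc tree (test data, not real
    processes) and return the path of the fake proc directory."""
    if root is None:
        root = tempfile.mkdtemp()
    bin_dir = Path(root) / "rootfs" / "usr" / "bin"
    bin_dir.mkdir(parents=True)
    plain = bin_dir / "plain"
    plain.write_bytes(b"#!/bin/sh\necho plain\n")
    plain.chmod(0o755)
    linked = bin_dir / "linked"
    linked.write_bytes(b"#!/bin/sh\necho linked\n")
    linked.chmod(0o755)
    os.link(linked, bin_dir / "linked-alias")   # second name, same inode
    proc = Path(root) / "proc"
    for pid, exe in ((100, plain), (200, linked), (300, bin_dir / "linked-alias")):
        (proc / str(pid)).mkdir(parents=True)
        os.symlink(str(exe.resolve()), proc / str(pid) / "exe")
    return str(proc)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for info in scan(build_demo(tmp)):
            kind = "HARD-LINKED" if info.is_hard_linked else "plain"
            print(f"pid {info.pid}: inode {info.inode} nlink {info.nlink} {kind} {info.exe_path}")
```

Against the real /proc, reading another user's exe link needs ptrace read permission on that process, so run the scan as root or only over your own processes. The link count observed inside a container is also filesystem-dependent: on overlayfs, copy-up breaks hard links unless the index feature is enabled, so the value seen through the container's view can differ from the value on the host image, which is consistent with the patent's point that the namespace's own view cannot be trusted for this decision.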
Optionally, the analysis result of the entity file further includes preset security verification information; the step 208 may specifically include:
substep 2081, calculating to obtain security metric information according to the file content, the absolute path and the preset check algorithm of the entity file corresponding to the hard link executable process.
Substep 2082, obtaining the verification result by comparing the security metric information with the preset security verification information.
In the embodiment of the present application, for sub-steps 2081 to 2082, based on the requirement of data security management, a unique security check needs to be performed on an entity file corresponding to a hard link executable process. Firstly, the analysis result of the entity file comprises preset safety verification information, wherein the preset safety verification information is a preset parameter and is used for comparing with safety measurement information obtained by real-time calculation of the entity file in the uniqueness safety verification, so that the uniqueness safety verification is completed. The preset security verification information may be a result calculated in advance using the file content, the absolute path, and the preset verification algorithm of the real entity file.
Specifically, when the uniqueness security check is executed, the security metric information can be calculated according to the file content, the absolute path and the preset check algorithm of the entity file corresponding to the currently acquired hard link executable process, and then the uniqueness security check can be completed by comparing the security metric information obtained by real-time calculation with the preset security verification information, wherein the uniqueness security check aims to verify that the file content and the absolute path of the entity file are unique and are not tampered or replaced.
The verification algorithm adopted when the security measurement information of the entity file corresponding to the currently acquired hard link executable process is calculated in real time is the same as the verification algorithm for calculating the preset security verification information in advance. The verification algorithm may be an encryption algorithm, such as a hash encryption algorithm, and the like, which is not limited in this embodiment.
Optionally, sub-step 2082 may specifically include:
Sub-step A1: under the condition that the security metric information is consistent with the preset security verification information, determining that the check result is that the entity file corresponding to the hard link executable process passes the uniqueness security check.
In the embodiment of the application, if the security metric information calculated in real time is consistent with the preset security verification information, the file content and absolute path of the currently acquired entity file are considered to be unchanged relative to their earlier state, that is, neither tampered with nor replaced, so the entity file corresponding to the hard link executable process passes the uniqueness security check and its data is regarded as safe and reliable.
Sub-step A2: under the condition that the security metric information is inconsistent with the preset security verification information, determining that the check result is that the entity file corresponding to the hard link executable process does not pass the uniqueness security check.
In the embodiment of the application, if the security metric information calculated in real time is inconsistent with the preset security verification information, the file content or absolute path of the currently acquired entity file may have been tampered with or replaced, so the entity file corresponding to the hard link executable process fails the uniqueness security check; at this point a security alert can be raised so that the risk can be eliminated.
Finally, referring to fig. 4, which is a logic interaction flowchart of a method for managing security of hard link data according to an embodiment of the present application, the kernel system first executes S1 and reads the process information. This step can be implemented via the exec function of the namespace.
After S1, S2 may be executed to obtain the entity file. In this step, a path reading function of the kernel space is called to obtain, from the process information, the absolute path of the entity file corresponding to the process in the local memory area, and the entity file is then obtained through that absolute path.
After S2, S3 may be executed to parse the entity file and obtain the link reference value. In this step, the entity file is analyzed to obtain its index node identifier, the index node file corresponding to the entity file is obtained according to that identifier, and the index node file is analyzed to obtain the link reference value.
After S3, S4 may be executed to perform the hard link logic determination. This step checks whether the link reference value is greater than 1; if it is, the process of the entity file is a hard link executable process.
Finally, after S4, S5 is executed to perform the uniqueness security check, and the check result is returned to the kernel system to complete the security management of the data.
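As an added example that is not part of the patent, the following Python models steps S1 to S5 and sub-steps 2081 to 2082 in user space. It assumes (none of this is stated in the patent) that the entity file's absolute path is passed in directly rather than read through a kernel path-reading function, that `st_nlink` from `os.stat` stands in for the link reference value parsed from the index node file, and that SHA-256 over the absolute path followed by the file content is the preset check algorithm.

```python
# Added example, not code from the patent: a user-space model of S1..S5 and
# sub-steps 2081..2082. Assumptions: the absolute path is supplied directly,
# st_nlink stands in for the link reference value read from the inode, and
# SHA-256 over (absolute path, file content) is the preset check algorithm.
import hashlib
import hmac
import os
import tempfile


def link_reference_value(path: str) -> int:
    """S3: read the inode of the entity file and return its link count."""
    return os.stat(path).st_nlink


def is_hard_link_executable(path: str) -> bool:
    """S4: a link reference value greater than 1 means the same inode is
    reachable under more than one name."""
    return link_reference_value(path) > 1


def security_metric(path: str) -> str:
    """Sub-step 2081: security metric information = H(absolute path || content).

    Binding the absolute path into the digest is what makes a hard-linked alias
    of an unmodified file distinguishable from the genuine entity file: the
    content is identical, but the path is not.
    """
    digest = hashlib.sha256()
    digest.update(os.path.abspath(path).encode("utf-8"))
    digest.update(b"\x00")  # separator so path and content cannot run together
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def uniqueness_check(path: str, preset_verification_info: str) -> bool:
    """Sub-step 2082: compare the metric with the preset value (constant time)."""
    return hmac.compare_digest(security_metric(path), preset_verification_info)


def demo() -> dict:
    """Constructed scenario: a genuine entity file, then a hard-linked alias of
    it under another absolute path, then content tampering through the alias."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        entity = os.path.join(root, "bin", "service")
        os.makedirs(os.path.dirname(entity))
        with open(entity, "wb") as f:
            f.write(b"\x7fELF constructed sample executable\n")  # constructed
        # Preset security verification information: computed in advance on the
        # genuine entity file with the same algorithm used at check time.
        preset = security_metric(entity)
        out["nlink_before"] = link_reference_value(entity)
        out["hard_link_before"] = is_hard_link_executable(entity)

        alias = os.path.join(root, "alias")
        os.link(entity, alias)  # same inode, second name
        out["nlink_after"] = link_reference_value(entity)
        out["hard_link_after"] = is_hard_link_executable(alias)

        # Same content, different absolute path: only the genuine name passes.
        out["genuine_passes"] = uniqueness_check(entity, preset)
        out["alias_passes"] = uniqueness_check(alias, preset)

        # Writing through the alias modifies the shared inode, so the genuine
        # name now fails as well: the content binding catches replacement.
        with open(alias, "ab") as f:
            f.write(b"injected\n")
        out["genuine_after_tamper"] = uniqueness_check(entity, preset)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The scenario shows both halves of the check: the path binding rejects an alias whose content is untouched, and the content binding rejects the genuine path once the shared inode has been modified.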
In summary, the embodiment of the present application provides a way to identify the type of the entity file of a process in a namespace without changing the process running logic of the current namespace: the entity file corresponding to the process is obtained, it is analyzed to obtain the real link reference value, and that value is used to determine whether the entity file is a hard link executable file. In this way, the processes in the current namespace that were started from a hard link executable file can be identified accurately, and subsequent security management of the hard link executable file can be implemented.
Fig. 5 is a block diagram of an apparatus for security management of hard link data according to an embodiment of the present application, where the apparatus includes:
a process reading module 301, configured to read process information of a process running in a namespace;
a file obtaining module 302, configured to obtain, according to the process information, an entity file corresponding to the process from a local storage area;
the analysis module 303 is configured to analyze the entity file, and obtain a link reference value corresponding to the entity file according to an analysis result;
a checking module 304, configured to, when the link reference value determines that the process is a hard link executable process, perform unique security check on an entity file corresponding to the hard link executable process to obtain a check result.
Optionally, the file obtaining module 302 includes:
a path obtaining sub-module, configured to obtain an absolute path of the entity file corresponding to the process in the local memory area according to the process information by calling a path reading function of a kernel space;
a file extraction sub-module, configured to extract the entity file from the local storage area according to the absolute path.
Optionally, the parsing module 303 includes:
an identifier obtaining sub-module, configured to analyze the entity file and obtain the index node identifier corresponding to the entity file;
an index node file obtaining sub-module, configured to obtain an index node file corresponding to the entity file according to the index node identifier;
a link reference value obtaining sub-module, configured to analyze the index node file to obtain the link reference value corresponding to the entity file.
Optionally, the apparatus further comprises:
a judging module, configured to determine that the process is a hard link executable process under the condition that the link reference value of the entity file corresponding to the process is greater than 1.
Optionally, the analysis result of the entity file further includes preset security verification information;
the checking module 304 includes:
a security metric information calculation sub-module, configured to calculate security metric information according to the file content, the absolute path and the preset check algorithm of the entity file corresponding to the hard link executable process;
a comparison sub-module, configured to compare the security metric information with the preset security verification information to obtain the check result.
Optionally, the comparison sub-module includes:
a check passing unit, configured to determine that the check result is that the entity file corresponding to the hard link executable process passes the uniqueness security check under the condition that the security metric information is consistent with the preset security verification information;
a check failing unit, configured to determine that the check result is that the entity file corresponding to the hard link executable process fails the uniqueness security check under the condition that the security metric information is inconsistent with the preset security verification information.
Optionally, the process reading module 301 is specifically configured to obtain the process information of the process running in the namespace by calling the exec function of the namespace.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The embodiment of the application provides a device for the security management of hard link data, which comprises a memory and one or more programs, wherein the one or more programs are stored in the memory and are configured to be executed by one or more processors, and comprise instructions for carrying out the method described in one or more of the embodiments.
Fig. 6 is a block diagram illustrating a security management apparatus 800 for hard-linked data according to an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 6, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor component 814 may detect the open/closed state of the device 800, the relative positioning of components, such as a display and keypad of the apparatus 800, the sensor component 814 may also search for a change in position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object in the absence of any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency identification (RFID) technology, infrared data association (IrDA) technology, ultra wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors, or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Fig. 7 is a schematic diagram of a server in some embodiments of the present application. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a sequence of instruction operations in the storage medium 1930 on the server 1900.
The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
A non-transitory computer readable storage medium having instructions therein which, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the above-described embodiment methods.
A non-transitory computer-readable storage medium whose instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the method described in the above embodiments; the details are therefore not repeated here. Likewise, the beneficial effects, which are the same as those of the method, are not described again. For technical details not disclosed in the embodiments of the computer program product or the computer program referred to in the present application, reference is made to the description of the method embodiments of the present application.
Further, it should be noted that: embodiments of the present application also provide a computer program product or computer program, which may include computer instructions, which may be stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor can execute the computer instructions, so that the computer device executes the description of the method of the embodiment, and therefore, the detailed description will not be repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer program product or the computer program referred to in the present application, reference is made to the description of the embodiments of the method of the present application.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the application disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.
The above description is only a preferred embodiment of the present application and should not be taken as limiting the present application, and any modifications, equivalents, improvements and the like that are made within the spirit and principle of the present application should be included in the protection scope of the present application.
The method, the apparatus, the electronic device, and the computer-readable storage medium for managing security of hard link data provided by the present application have been described in detail above. A specific example has been used to explain the principle and implementation of the present application, and the description of the above embodiments serves only to help in understanding the method and the core idea of the present application. At the same time, a person skilled in the art may, following the idea of the present application, vary the specific embodiments and the scope of application; in summary, the content of this specification should not be construed as limiting the present application.

Claims (9)

1. A security management method of hard link data is applied to a server, and is characterized in that the method comprises the following steps:
reading process information of a process running in a namespace;
acquiring an entity file corresponding to the process from a local memory area according to the process information;
analyzing the entity file, and acquiring a link reference value corresponding to the entity file according to an analysis result;
under the condition that the link reference value determines that the process is a hard link executable process, performing uniqueness security check on an entity file corresponding to the hard link executable process to obtain a check result;
the obtaining an entity file corresponding to the process from a local storage area according to the process information includes:
acquiring an absolute path of an entity file corresponding to the process in the local memory area according to the process information by calling a path reading function of a kernel space;
and extracting the entity file from the local storage area according to the absolute path.
2. The method for managing security of hard link data according to claim 1, wherein the parsing the entity file and obtaining the link reference value corresponding to the entity file according to the parsing result includes:
analyzing the entity file to obtain an index node identifier corresponding to the entity file;
acquiring an index node file corresponding to the entity file according to the index node identifier;
and analyzing the index node file to obtain a link reference value corresponding to the entity file.
3. The method for secure management of hard-linked data according to claim 1, further comprising:
and determining that the process is a hard link executable process under the condition that the link reference value of the entity file corresponding to the process is greater than 1.
4. The method for managing the security of the hard link data according to claim 1, wherein the result of parsing the entity file further includes preset security verification information;
the performing the uniqueness security check on the entity file corresponding to the hard link executable process to obtain a check result includes:
calculating to obtain security measurement information according to the file content, the absolute path and a preset verification algorithm of the entity file corresponding to the hard link executable process;
and obtaining the verification result by comparing the safety measurement information with the preset safety verification information.
5. The method for security management of hard link data according to claim 4, wherein the obtaining the verification result by comparing the security metric information with the preset security verification information includes:
under the condition that the security measurement information is consistent with the preset security verification information, determining that the verification result is that the entity file corresponding to the hard link executable process passes the uniqueness security verification;
and under the condition that the security measurement information is inconsistent with the preset security verification information, determining that the verification result is that the entity file corresponding to the hard link executable process does not pass the uniqueness security verification.
6. The method for security management of hard link data according to claim 1, wherein the reading process information of a process running in a namespace comprises:
and acquiring the process information of the process running in the namespace by calling the exec function of the namespace.
7. An apparatus for secure management of hard-linked data, the apparatus comprising:
the process reading module is used for reading the process information of the process running in the namespace;
the file acquisition module is used for acquiring an entity file corresponding to the process from a local memory area according to the process information;
the analysis module is used for analyzing the entity file and acquiring a link reference value corresponding to the entity file according to an analysis result;
the verification module is used for performing uniqueness safety verification on an entity file corresponding to the hard link executable process under the condition that the link reference value determines that the process is the hard link executable process to obtain a verification result;
the file acquisition module comprises:
the path obtaining submodule is used for obtaining an absolute path of the entity file corresponding to the process in the local memory area according to the process information by calling a path reading function of a kernel space;
and the file extraction sub-module is used for extracting the entity file from the local storage area according to the absolute path.
8. An electronic device, comprising: a processor;
a memory for storing the processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the method of any one of claims 1 to 6.
9. A computer-readable storage medium, wherein instructions in the computer-readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of any of claims 1-6.
Priority Applications (1)

Application Number   Priority Date   Filing Date   Title
CN202310005263.0A    2023-01-04      2023-01-04    Method, device and equipment for safety management of hard link data and storage medium (CN115688187B, Active)

Publications (2)

Publication Number   Publication Date
CN115688187A (en)    2023-02-03
CN115688187B (en)    2023-03-21
Legal Events

Code   Title
PB01   Publication
SE01   Entry into force of request for substantive examination
GR01   Patent grant