I seem to be a bit stuck on exactly how fopen works (this is in a Linux environment - I'm not sure if it's different from Windows in this regard).
I'm using this simple code bit:
Now, when specifying a file owned by root (not accessbile for the user running the program), the if statement works, and the result is "Failed." Changing ownership of the file to the running user results in "Success". So, this seems to work as basic as possible on files which are accessible/inaccesible due to ownership.
if (fp = fopen("./eicar.com", "a+"))
However, when it comes to file scanners (anti-virus/malware scanners), I cannot get it to work the same way. I'm using an "on-access" scanner which, as far as I know, uses fuse to access the file system real-time.
When I try to open a malware sample (Eicar, the standard test sample for all anti-malware engines) with f.ex. vim, or gedit (LInux notepad look-alike), the scanner stops it and I get "Access denied". However, when running the program with the above C code on the file, it returns "Success". So, for some reason, fopen can open a file which the file system denies access to for other applications.
So, my question is: How does fopen open a file. Is it possible to "emulate" opening a file (for reading, and also for writing) in an application with fopen?
As allways, all hints and/or suggestions are greatly appreciated.
What is your program(executable) permission? root ?
No, running as normal user.
But I found the problem, and it's not related to neither fuse nor fopen, but to the "on-access" scanner. The problem is that if I'm in f.ex. /home/test, and then enable the scanner (if it's disabled initially), then the current folder I'm in isn't "noticed"/"mounted" by the scanner. Changing directory back and forth updated this, and it works.
This post should perhaps be deleted, as it really isn't C-related?