Re: request for comment: generic kernel interface for malware vendors - Kernel

This is a discussion on Re: request for comment: generic kernel interface for malware vendors - Kernel ; Rafael C. de Almeida wrote: > Eric Paris wrote: >> [Kernel support for malware scanners] > I'm a newbie here, so don't take me too serious. But I don't see why > that needs a kernel interface, at least from ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: request for comment: generic kernel interface for malware vendors

  1. Re: request for comment: generic kernel interface for malware vendors

    Rafael C. de Almeida wrote:
    > Eric Paris wrote:


    >> [Kernel support for malware scanners]


    > I'm a newbie here, so don't take me too serious. But I don't see why
    > that needs a kernel interface, at least from the example on the
    > Documentation directory (patch 9). Seems to me you could just use file
    > permission to deny or allow the access for a certain file. The only
    > thing that would be a little trickier from user-space is to know when a
    > given file is read. So, talpa should do only that or you could take
    > advantage of preload like trickle does for bandwidth shapping.


    How do you ensure that the LD_PRELOAD variable stays intact and will be
    honored by all applications - including that commercial one supplying it's
    own libc, by suid-binaries and by programs written in a non-libc-language?

    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: request for comment: generic kernel interface for malware vendors

    On Wed, 23 Jul 2008 14:43:09 +0200
    Bodo Eggert <7eggert@gmx.de> wrote:

    > Rafael C. de Almeida wrote:
    > > Eric Paris wrote:

    >
    > >> [Kernel support for malware scanners]

    >
    > > I'm a newbie here, so don't take me too serious. But I don't see why
    > > that needs a kernel interface, at least from the example on the
    > > Documentation directory (patch 9). Seems to me you could just use
    > > file permission to deny or allow the access for a certain file. The
    > > only thing that would be a little trickier from user-space is to
    > > know when a given file is read. So, talpa should do only that or
    > > you could take advantage of preload like trickle does for bandwidth
    > > shapping.

    >
    > How do you ensure that the LD_PRELOAD variable stays intact and will
    > be honored by all applications - including that commercial one
    > supplying it's own libc, by suid-binaries and by programs written in
    > a non-libc-language?


    neither approach is fool proof for that matter
    it's just a matter of how high you want to put the bar.

    that's why it's really important to see the design ideas for this
    code... to figure out what it is supposed to do

    --
    If you want to reach me at my work email, use arjan@linux.intel.com
    For development, discussion and tips for power savings,
    visit http://www.lesswatts.org
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

+ Reply to Thread