| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Aug 2008 21:09:42 -0700 From: Arjan van de Ven <arjan@...radead.org> To: "Peter Dolding" <oiaohm@...il.com> Cc: david@...g.hm, rmeijer@...all.nl, "Alan Cox" <alan@...rguk.ukuu.org.uk>, capibara@...all.nl, "Eric Paris" <eparis@...hat.com>, "Theodore Tso" <tytso@....edu>, "Rik van Riel" <riel@...hat.com>, davecb@....com, linux-security-module@...r.kernel.org, "Adrian Bunk" <bunk@...nel.org>, "Mihai Don??u" <mdontu@...defender.com>, linux-kernel@...r.kernel.org, malware-list@...ts.printk.net, "Pavel Machek" <pavel@...e.cz> Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning On Sat, 16 Aug 2008 13:57:50 +1000 "Peter Dolding" <oiaohm@...il.com> wrote: > Anti-Virus has been for years about chasing the threat. Lets try to > get in front of it. You thread model needs a major update its > incomplete. > The problem TALPA is trying to solve is only part of the puzzle. Everyone recognizes that. It's a very relevant part of the puzzle (in corporate context at least), but it's very much so not a complete puzzle. Does that mean we shouldn't deal with this just because it's incomplete? Absolutely not! (nor should we do something that has no value.. but that's not the case; the model that Erik described is quite well defined as "do not give ''bad' content to applications/exec". There is clearly value in that (even though it's not defined what 'bad' is other than 'program X or Y says so', but for now we have to live with that; if it bothers you just think "clamAV"). The implementation idea (have a flag/generationnr in the inode for 'known good', block on read() and mmap(), and schedule async scans in open or on dirty) seems to be quite solid although several details (async queueing model for example but also the general dirty notification system) need to be worked out. Sadly what you're doing is throwing up smoke and just saying "it doesn't solve world hunger as well so it's bad". Please do yourself a favor and stop that before people totally start ignoring you. -- If you want to reach me at my work email, use arjan@...ux.intel.com For development, discussion and tips for power savings, visit http://www.lesswatts.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists