| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1107857542.5016.6.camel@localhost.localdomain> From: barrie at reboot-robot.net (Barrie Dempster) Subject: Multiple AV Vendors ignoring tar.gz archives On Tue, 2005-02-08 at 11:26 +1300, Nick FitzGerald wrote: > Stuart Fox to me: > > > Isn't this similar to what MS do in Windows 2003/XP SP2 with Software > > Restriction Policies? Executables are only allowed to run provided they > > fit a prespecified pattern i.e. name (not very useful), signed or not, > > hash of the executable. > > Yes, but it has to be much more thoroughly implemented. Absolutely, There are a few minor implementations of this but it's something that directory and management systems could incorporate. As most OS's have an "executable permission", it would be an idea to have software thats not in the white-list renderred incapable of having this permission, combined with scan on execute to ensure that the any software that previously has the permissions doesn't execute. This isn't an entirely new idea, but it is one that isn't very well implemented at this stage as noted. ( Gap in the market for any startups reading the list :-P ) -- With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue blog: http://zeedo.blogspot.com site: http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ] -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050208/b69f25a0/attachment.bin
Powered by blists - more mailing lists