| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Nov 2007 08:51:48 -0800 From: Stephen Hemminger <shemminger@...ux-foundation.org> To: Jon Masters <jcm@...hat.com> Cc: James Morris <jmorris@...ei.org>, tvrtko.ursulin@...hos.com, linux-kernel@...r.kernel.org, Greg KH <greg@...ah.com> Subject: Re: Out of tree module using LSM On Thu, 29 Nov 2007 11:27:45 -0500 Jon Masters <jcm@...hat.com> wrote: > On Thu, 2007-11-29 at 11:12 +1100, James Morris wrote: > > On Wed, 28 Nov 2007, tvrtko.ursulin@...hos.com wrote: > > > > > So as there is no question the current code does some ugly things it is > > > even more true that we would be even more happy to use an official API. > > > > How about becoming involved in creating that official API ? > > Sophos are interested in doing so, and we have spoken about this several > times recently over the phone. This is why they sent the email in > question yesterday, to kickstart debate. And that's awesome. I am trying > to bring a few of these folks together at the moment, so that we can get > a solution that is acceptable to upstream at some point in the future. > > So, rather than criticise their current code, or their intentions, or > blanketly dismiss the virus protection market, perhaps we can focus > instead on the fact that there is a known third party who wishes to > perform a task that is not well supportable at this moment. We can all > agree the syscall table hacking isn't such a good idea - but these guys > are *very* open to listening to useful alternative suggestions. > > They (virus protection folks) generally think they want to intercept > various system calls, such as open() and block until they have performed > a scan operation on the file. I explained the mmap issue to several of > these companies recently, in quite some detail, and I know they are > interested in listening this time around :-) At the end of the day, what > I have been lead to believe is that they don't care whether they > intercept syscall entries, or use a better method, they just want to > scan files and take some action if a file is "bad". That's it really. > > I have been trying to put together an exact feature set that is needed > from these different vendors, so we can discuss it further here, and > hopefully actually get somewhere, too. There have been a few delays > after I pointed out the mmap issues at some length. > Perhaps this kind of scanning belongs in the application. Couldn't an apache or samba have a plugin to do it? -- Stephen Hemminger <shemminger@...ux-foundation.org> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists