lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20071129010753.GA19106@kroah.com>
Date:	Wed, 28 Nov 2007 17:07:53 -0800
From:	Greg KH <greg@...ah.com>
To:	Jan Engelhardt <jengelh@...putergmbh.de>
Cc:	Valdis.Kletnieks@...edu, Christoph Hellwig <hch@...radead.org>,
	Al Viro <viro@....linux.org.uk>,
	Casey Schaufler <casey@...aufler-ca.com>,
	"Tvrtko A. Ursulin" <tvrtko.ursulin@...hos.com>,
	linux-kernel@...r.kernel.org
Subject: Re: Out of tree module using LSM

On Thu, Nov 29, 2007 at 01:53:46AM +0100, Jan Engelhardt wrote:
> 
> On Nov 28 2007 16:38, Greg KH wrote:
> >> 
> >> And if we are talking about the situation when files are written to
> >> in controlled way (i.e. we are not concerned with malware running on
> >> the box in question and just want to stop it from passing through
> >> mailsewer, etc.), then there's no damn need to play with LSM - just
> >> have e.g. coda with its commit-on-close and run the scanner on
> >> commit.  End of story.  Mind you, in such setups one would be much
> >> better off just having the mail server run the tests explicitly in
> >> the userland, along with the rest of anti-spam, etc. filters.
> >
> >I've repeated the above statements so many times to a number of the
> >anti-virus companies, and other people that really should know better,
> >that I'm really sick of it.  For some reason, they keep trying to do
> >things like this in the kernel, despite it being trivial to do in
> >userspace properly.
> >
> Do you mean something along the lines of FUSE?

That is one way, but not the simplest or nicest (people don't want to
run their whole fs on FUSE just yet).

The easiest way is as Al described above, just have the userspace
program that wrote the file to disk, check it then.

There are some nice SAMBA plugins that do just that already out there...

thanks,

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ