| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Nov 2007 10:03:09 -0800 From: "Ray Lee" <ray-lk@...rabbit.org> To: "Greg KH" <greg@...ah.com> Cc: "Jan Engelhardt" <jengelh@...putergmbh.de>, "Jon Masters" <jonathan@...masters.org>, Valdis.Kletnieks@...edu, "Christoph Hellwig" <hch@...radead.org>, "Al Viro" <viro@....linux.org.uk>, "Casey Schaufler" <casey@...aufler-ca.com>, "Tvrtko A. Ursulin" <tvrtko.ursulin@...hos.com>, linux-kernel@...r.kernel.org Subject: Re: Out of tree module using LSM On Nov 29, 2007 9:45 AM, Greg KH <greg@...ah.com> wrote: > > Perhaps if you looked at this outside of a file-server scenario, the > > problem would be clearer? Anti-malware companies want to check > > anything written to disk on a system, either at write time or blocking > > the open/mmap. That means proactively protecting email programs with > > known vulnerabilities that have yet to be patched, web browsers > > writing and reading their caches, an Apache instance running WebDAV, > > the list goes on. And these are on desktop systems, with no attached > > file/network server. > > Ok, if they want to check on every open/mmap then just hook in glibc to > do this. Especially as they want to run userspace code at this point in > time. Doesn't help statically linked binaries, or anything else that bypases glibc. But yes, I'll let them argue their point from here. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists