lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1196379099.6473.118.camel@perihelion>
Date:	Thu, 29 Nov 2007 18:31:39 -0500
From:	Jon Masters <jonathan@...masters.org>
To:	Valdis.Kletnieks@...edu
Cc:	Ray Lee <ray-lk@...rabbit.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>, tvrtko.ursulin@...hos.com,
	Al Viro <viro@....linux.org.uk>,
	Casey Schaufler <casey@...aufler-ca.com>,
	Christoph Hellwig <hch@...radead.org>,
	linux-kernel@...r.kernel.org
Subject: Re: Out of tree module using LSM


On Thu, 2007-11-29 at 15:56 -0500, Valdis.Kletnieks@...edu wrote:
> On Thu, 29 Nov 2007 14:45:51 EST, Jon Masters said:
> > Ah, but I could write a sequence of pages that on their own looked
> > garbage, but in reality, when executed would print out a copy of the
> > Jargon File in all its glory. And if you still think you could look for
> > patterns, how about executable code that self-modifies in random ways
> > but when executed as a whole actually has the functionality of fetchmail
> > embedded within it? How would you guard against that?
> 
> So, just because Fred Cohen showed in his PhD thesis that *perfect* virus/malware
> scanning is equivalent to the Turing Halting Problem, we should abandon
> efforts to make a 99.9998% workable system?

I think you misread what I said. I implied the exact opposite :-)

I'm trying to show that I understand the problem by saying the above,
that doing this perfectly is impossible, but I also happen to believe
that there are those who have solutions that provide a level of
protection to their users, who ask for such things. Hence my point is
that it's not really our place to debate whether virus scanning is
good/bad but more how to provide a sane API. I'll get a spec.

Jon.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ