| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 2 Dec 2007 21:22:40 +0100 From: Pavel Machek <pavel@....cz> To: Valdis.Kletnieks@...edu Cc: tvrtko.ursulin@...hos.com, Andi Kleen <andi@...stfloor.org>, ak@...e.de, linux-kernel@...r.kernel.org Subject: Re: Out of tree module using LSM Hi! > > So what you are trying to do is 'application may never read bad > > sequence of bits from disk', right? > > No, in many of the use cases, we're trying to do "if application reads certain > specified sequences of bits from disk we know about it", which is subtly > different. Often, *absolute* prevention isn't required, as long as we can > generate audit trails and/or alerts... > > > Now, how do you propose to solve mmap(MAP_SHARED)? The app on the other cpu may > > see the bad bits before kernel has chance to see them. > > For many usage cases (such as virus scanners), mmap() isn't really an issue, > because if another process is *already* trying to mmap() the file before it's > even finished downloading from the network interface, you have other > problems. Well, if you only want to detect viruses _sometimes_, you can just LD_PRELOAD your scanner. I guess the A/V people should describe what they are trying to do, as in "forbidden sequences of bits should never hit disk" or "forbidden sequences of bits should be never read from disk" or something... Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists