Message-Id: <1216686219.3594.6.camel@localhost.localdomain>
Date: Mon, 21 Jul 2008 20:23:39 -0400
From: Eric Paris <eparis@...hat.com>
To: Christian Borntraeger <borntraeger@...ibm.com>
Cc: malware-list@...ts.printk.net, linux-kernel@...r.kernel.org
Subject: Re: request for comment: generic kernel interface for malware vendors

On Mon, 2008-07-21 at 20:14 +0200, Christian Borntraeger wrote:
> Am Montag, 21. Juli 2008 schrieb Eric Paris:
> > First I'd like to thank Sophos who stepped up and originally wrote a lot
> > of this code. They might not recognize it since I've gotten my hands on
> > it, but they were nice enough to get the ball rolling by giving me some
> > GPL code which addressed near every request people on the malware list
> > had.
>
> I have not looked at the code, but if I remember correctly there was another
> GPLed code for file access scanning. It was called dazuko. Google gave me
> http://en.wikipedia.org/wiki/Dazuko
>
> Maybe you can get some ideas from there as well?

Maybe ideas, but it works by disabling mandatory access controls. No
SELinux, no AppArmor, no SMACK, no TOMOYO, and therefore a non-starter.
I certainly don't think it's a good idea to take a box that I am using to
try to increase organization wide security and have to lower its
individual security properties.

-Eric