| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <E1KLdgU-0001a9-7F@be1.7eggert.dyndns.org> Date: Wed, 23 Jul 2008 14:43:09 +0200 From: Bodo Eggert <7eggert@....de> To: "Rafael C. de Almeida" <almeidaraf@...il.com>, Eric Paris <eparis@...hat.com>, malware-list@...ts.printk.net, linux-kernel@...r.kernel.org Subject: Re: request for comment: generic kernel interface for malware vendors Rafael C. de Almeida <almeidaraf@...il.com> wrote: > Eric Paris wrote: >> [Kernel support for malware scanners] > I'm a newbie here, so don't take me too serious. But I don't see why > that needs a kernel interface, at least from the example on the > Documentation directory (patch 9). Seems to me you could just use file > permission to deny or allow the access for a certain file. The only > thing that would be a little trickier from user-space is to know when a > given file is read. So, talpa should do only that or you could take > advantage of preload like trickle does for bandwidth shapping. How do you ensure that the LD_PRELOAD variable stays intact and will be honored by all applications - including that commercial one supplying it's own libc, by suid-binaries and by programs written in a non-libc-language? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists