lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4898379D.2060709@aitel.hist.no>
Date:	Tue, 05 Aug 2008 13:21:01 +0200
From:	Helge Hafting <helge.hafting@...el.hist.no>
To:	Greg KH <greg@...ah.com>
CC:	Eric Paris <eparis@...hat.com>, malware-list@...ts.printk.net,
	linux-kernel@...r.kernel.org
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface	for
 on access scanning

Greg KH wrote:
>
>
> I don't see anything in the list above that make this a requirement that
> the code to do this be placed within the kernel.
>
> What is wrong with doing it in glibc or some other system-wide library
> (LD_PRELOAD hooks, etc.)?
>   

A linux virus would trivially get around that by doing its own syscalls
instead of using glibc. (It might still link dynamically to glibc so
you don't get suspicious, but won' actually use it when doing bad stuff.)

Helge Hafting
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ