[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080805123136.0073e52f@lxorguk.ukuu.org.uk>
Date: Tue, 5 Aug 2008 12:31:36 +0100
From: Alan Cox <alan@...rguk.ukuu.org.uk>
To: Christoph Hellwig <hch@...radead.org>
Cc: Eric Paris <eparis@...hat.com>,
Christoph Hellwig <hch@...radead.org>,
Greg KH <greg@...ah.com>, malware-list@...ts.printk.net,
linux-kernel@...r.kernel.org
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for
on access scanning
> No, I want a sane security policy in kernelsapce that doesn't look
> at the content because doing security by content properly is equivalent
> to solving the halting problem. I couldn't give a rats a** about
> windows viruses as they can't actually cause any harm on a Linux
> machine.
Go on then.. post patches.
I think your are being incredibly naïve. Our memory debugging is not 100%
solid but work by heuristic. Our lock analysis doesn't solve the halting
problem but is extremely useful and so on.
> Well, data can change all the time, as can the path name. This whole
> content scanning thing doesn't make any sense at all.
Phone numbers change all the time, shall we burn all the phone books ?
> So make this opt-in and in userspace. Just LD_PRELOAD some monster lib
> doing all the horrible things you propose and use it wherever you want.
Rather tricky as the needed hooks don't exist and you need to get ahead
of even ld.so as well as protect suid apps. You've clearly not even
thought about the problem space before sounding off because there are
more elegant ways of tackling it even if you want to push it at
userspace, and ones that aren't implausible like LD_PRELOAD.
If you'd applied even 30 seconds thought you would at least be pointing
people at FUSE or a stacking fs.
Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists