| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080805211243.382a878b@lxorguk.ukuu.org.uk> Date: Tue, 5 Aug 2008 21:12:43 +0100 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Arjan van de Ven <arjan@...radead.org> Cc: Eric Paris <eparis@...hat.com>, "Press, Jonathan" <Jonathan.Press@...com>, Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org, malware-list@...ts.printk.net, linux-security-module@...r.kernel.org Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon access scanning > > Scripts > > get either opened or exec'd... > > (ignoring stdin-fed scripts right now.. but that's a problem regardless) Don't forget pty/tty pairs, ioctls to type chars etc > > Attempts to screen content > > can you explain? One common use for scanning is to scan content not looking for executable stuff but for things like malformed image files and the like. It's also useful for indexing and in those cases you don't really want ld.so in the way. > > Exec occuring after ld.so is compromised > > this is post-compromise scenario; if you have enough root rights to do > that then it's game over. You still want to know if you spot this. And the root rights thing assumes no selinux. For a large case of uses I would agree however. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists