Message-ID: <874p5y7tw0.fsf@basil.nowhere.org>
Date:	Wed, 06 Aug 2008 04:35:27 +0200
From:	Andi Kleen <andi@...stfloor.org>
To:	Eric Paris <eparis@...hat.com>
Cc:	malware-list@...ts.printk.net, linux-kernel@...r.kernel.org
Subject: Re: [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

Eric Paris <eparis@...hat.com> writes:

> 5. Fine-grained caching
> -----------------------
> It is necessary to select which filesystems can be safely cached and
> which must not be. For example it is not a good idea to allow caching of
> network filesystems because their content can be changed invisibly. Disk
> based and some virtual filesystems can be cached safely on the other
> hand.

Actually, local disk file systems can be changed invisibly to the VFS too, by
directly writing to the block device. This does not change the
page cache, but the on-disk copy, and when a page is pruned from
RAM and reloaded, the VFS will see the new contents without knowing
about any change. How would you stop that in your
proposal? I assume you could always require a special LKM that
forbids block writes for anything mounted, but that has other problems
too, and one would need to be extremely careful of holes in
such a protection scheme (e.g. overlapping partitions).

[haven't read the rest of the proposal]

-Andi
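
The following is an added example, not part of the original message or of the TALPA patches. It audits the "overlapping partitions" hole mentioned above: for each mounted block device it lists every other device node whose sector range covers some of the same sectors. The `Extent` type, the function names and the sample layout are assumptions made for this illustration; on a live system the start and length values could be read from the `start` and `size` attributes under `/sys/class/block/<dev>/`.

```python
from typing import NamedTuple

class Extent(NamedTuple):
    name: str     # block device node name, e.g. "sda1"
    disk: str     # whole-disk device the extent lives on
    start: int    # first sector, relative to the start of the disk
    sectors: int  # length in sectors

def overlaps(a, b):
    """True if two extents on the same disk share at least one sector."""
    return (a.disk == b.disk
            and a.start < b.start + b.sectors
            and b.start < a.start + a.sectors)

def aliases_of_mounted(extents, mounted):
    """Map each mounted device to the other nodes covering part of its sectors.

    A write-blocking scheme keyed only on "is this device mounted" would
    have to cover every node listed here as well, or a write through one of
    them changes the on-disk copy behind a cached scan result.
    """
    result = {}
    for m in (e for e in extents if e.name in mounted):
        result[m.name] = sorted(e.name for e in extents
                                if e.name != m.name and overlaps(e, m))
    return result

# Constructed sample layout (hypothetical, not from the original message).
# The whole-disk node spans every partition, and sda3 starts inside sda2.
SAMPLE = [
    Extent("sda",  "sda", 0,      1000000),
    Extent("sda1", "sda", 2048,   400000),   # sectors 2048..402047
    Extent("sda2", "sda", 402048, 300000),   # sectors 402048..702047
    Extent("sda3", "sda", 600000, 200000),   # sectors 600000..799999
]
SAMPLE_MOUNTED = {"sda1", "sda2"}

if __name__ == "__main__":
    for dev, others in aliases_of_mounted(SAMPLE, SAMPLE_MOUNTED).items():
        print(f"{dev}: sectors also reachable through {', '.join(others)}")
```

Even with a clean partition table, the whole-disk node always appears as an alias of each of its mounted partitions, so checking only the mounted node itself is never sufficient.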
