| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080811224516.57194a54@lxorguk.ukuu.org.uk> Date: Mon, 11 Aug 2008 22:45:16 +0100 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: daw-news@...berkeley.edu (David Wagner) Cc: daw@...berkeley.edu, linux-kernel@...r.kernel.org Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon access scanning On Mon, 11 Aug 2008 21:53:23 +0000 (UTC) daw@...berkeley.edu (David Wagner) wrote: > David Collier-Brown writes: > >Arjan van de Ven wrote: > >> we do still appreciate your description, since I don't think there's a > >> clear "here's what we really try to protect against" statement yet. > > > > Perhaps I could try: the AV folks are trying to prevent the > >execution of either modified normal binaries/files or > >specifically exploit binaries/files, by machines for which the > >files are executable or interpretable. > > 1. We already know how to prevent/detect modifications to > normal binaries. See Tripwire etc. As far as I know, no new > kernel technology is needed. Tripwire is incredibly ineffecient and ineffectual because we don't have a scalable 'file was modified' notifier Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists