lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20080813135207.CC08C3765BC@pmx1.sophos.com>
Date:	Wed, 13 Aug 2008 14:52:01 +0100
From:	tvrtko.ursulin@...hos.com
To:	Pavel Machek <pavel@...e.cz>
Cc:	Arjan van de Ven <arjan@...radead.org>,
	Adrian Bunk <bunk@...nel.org>, davecb@....com,
	Greg KH <greg@...ah.com>,
	"Press, Jonathan" <Jonathan.Press@...com>,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	malware-list@...ts.printk.net,
	Mihai Don??u <mdontu@...defender.com>
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon access
 scanning

Pavel Machek wrote on 13/08/2008 13:56:38:

Big snip since I am really only curious about libmalware.so.

> Plus, proposed solution already has three unacceptable holes:
> 
> 1) it only catches known signatures
> 2) write vs. read race mentioned above

Discussions about perfect, better or no security are in danger of becoming 
boring.

> 3) mmap problem
> 
> . Making sure all apps use libmalware.so is trivial compared to
> solving 3).

You haven't answered what exactly is this libmalware.so, since you are the 
only one mentioning it? It would be interesting to learn how it solves the 
mmap problem, provides perfect security so it is acceptable, handles the 
kernel NFS server serving malicious files, caters for applications which 
do not use it, is better (more secure) than the kernel solution, provides 
reasonalbe performance and is easier to maintain for the community? To 
list only some of the requirements which have been mentioned so far.

--
Tvrtko A. Ursulin
Senior Software Engineer, Sophos

"Views and opinions expressed in this email are strictly those of the 
author.
 The contents has not been reviewed or approved by Sophos."


Sophos Plc, The Pentagon, Abingdon Science Park, Abingdon,
OX14 3YP, United Kingdom.

Company Reg No 2096520. VAT Reg No GB 348 3873 20.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ