[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080813065854.10bd9b06@infradead.org>
Date: Wed, 13 Aug 2008 06:58:54 -0700
From: Arjan van de Ven <arjan@...radead.org>
To: Pavel Machek <pavel@...e.cz>
Cc: "Press, Jonathan" <Jonathan.Press@...com>, davecb@....com,
Mihai Don??u <mdontu@...defender.com>,
Adrian Bunk <bunk@...nel.org>, tvrtko.ursulin@...hos.com,
Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
malware-list@...ts.printk.net
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon
access scanning
On Wed, 13 Aug 2008 14:56:38 +0200
Pavel Machek <pavel@...e.cz> wrote:
> So you make sure all apps are modified. Distros are good at that, and
> modifications are not that hard.
>
> Plus, proposed solution already has three unacceptable holes:
>
> 1) it only catches known signatures
>
> 2) write vs. read race mentioned above
>
> 3) mmap problem
>
> . Making sure all apps use libmalware.so is trivial compared to
> solving 3).
the other thing is.. all applications ALREADY use such a library. It's
called "glibc".
--
If you want to reach me at my work email, use arjan@...ux.intel.com
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists