[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1218646065.3540.75.camel@localhost.localdomain>
Date: Wed, 13 Aug 2008 12:47:45 -0400
From: Eric Paris <eparis@...hat.com>
To: Alan Cox <alan@...rguk.ukuu.org.uk>
Cc: linux-kernel@...r.kernel.org, malware-list@...ts.printk.net,
andi@...stfloor.org, riel@...hat.com, greg@...ah.com,
tytso@....edu, viro@...IV.linux.org.uk, arjan@...radead.org,
peterz@...radead.org, hch@...radead.org
Subject: Re: TALPA - a threat model? well sorta.
On Wed, 2008-08-13 at 17:24 +0100, Alan Cox wrote:
> > So, what is it that anti-malware companies do? They scan files. That's
> > it.
>
> Good so lets instead have a discussion about making the file event
> notification more scalable. That is the same thing I want for content
> indexing. It is the same thing you want for certain kinds of smart
> archiving, for on-line asynchronous backup and other stuff.
>
> It ought to be a simple clean syscall interface.
Are you willing to make it blocking? I'm not sure how to make what we
have capable of assuring that the object you got a notification about is
actually the object you are acting on. Thoughts on how to accomplish
that? I'm here to code and I'm willing to throw all my work in the
garbage if someone can show me how to actually do it better.
-Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists