| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080813170708.GA17076@infradead.org> Date: Wed, 13 Aug 2008 13:07:08 -0400 From: Christoph Hellwig <hch@...radead.org> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: Eric Paris <eparis@...hat.com>, linux-kernel@...r.kernel.org, malware-list@...ts.printk.net, andi@...stfloor.org, riel@...hat.com, greg@...ah.com, tytso@....edu, viro@...IV.linux.org.uk, arjan@...radead.org, peterz@...radead.org, hch@...radead.org Subject: Re: TALPA - a threat model? well sorta. On Wed, Aug 13, 2008 at 05:24:37PM +0100, Alan Cox wrote: > > So, what is it that anti-malware companies do? They scan files. That's > > it. > > Good so lets instead have a discussion about making the file event > notification more scalable. That is the same thing I want for content > indexing. It is the same thing you want for certain kinds of smart > archiving, for on-line asynchronous backup and other stuff. Also for hierachial storage management, which also shares they other requirement with the AV crowd that it want to be able to block the calling process until the notification is ACKed (for recalling data from offline media). > It ought to be a simple clean syscall interface. I was wondering whether to piggy-back on the audit code was the best idea here.. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists