| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 13 Aug 2008 22:25:49 -0400 From: 7v5w7go9ub0o <7v5w7go9ub0o@...il.com> To: linux-kernel@...r.kernel.org Cc: malware-list@...ts.printk.net Subject: Re: TALPA - a threat model? well sorta. 7v5w7go9ub0o wrote: > > 4. Again, my hope for libmalware.so/dazuko is a realtime > integrity-management link. > > <end posts> > > HTH > > p.s. The question has developed, should this monitor root activities. > IMHO, the answer is a definite YES! We are most vulnerable during > software updating; AntiMailware signatures may stop the compilation or > installation of a Trojan - by root. > I just noticed a separate discussion about integrity-checking LKMs and LSMs. Obviously, a libmalware.so or Dazuko based integrity-checker would block a kernel from loading in a Trojaned LKM - noting that the MD5 had changed, and asking you to block, temporarily allow, or permanently allow the changed module. Another security benefit of your pursuit. HTH -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists