Message-ID: <g8053f$osb$1@ger.gmane.org>
Date: Wed, 13 Aug 2008 22:25:49 -0400
From: 7v5w7go9ub0o <7v5w7go9ub0o@...il.com>
To: linux-kernel@...r.kernel.org
Cc: malware-list@...ts.printk.net
Subject: Re: TALPA - a threat model? well sorta.
7v5w7go9ub0o wrote:
>
> 4. Again, my hope for libmalware.so/dazuko is a realtime
> integrity-management link.
>
> <end posts>
>
> HTH
>
> p.s. The question has developed, should this monitor root activities.
> IMHO, the answer is a definite YES! We are most vulnerable during
> software updating; AntiMalware signatures may stop the compilation or
> installation of a Trojan - by root.
>
I just noticed a separate discussion about integrity-checking LKMs and LSMs.
Obviously, a libmalware.so or Dazuko based integrity-checker would block
a kernel from loading in a Trojaned LKM - noting that the MD5 had
changed, and asking you to block, temporarily allow, or permanently
allow the changed module.
Another security benefit of your pursuit.
HTH
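
The check described in the message above, sketched in userspace as an added example that is not part of the original post and not the libmalware.so or Dazuko API. Assumptions: SHA-256 stands in for the MD5 the post mentions, and `ModuleGate`, `Verdict`, the `ask` callback and the sample module bytes are hypothetical names and constructed data.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    BLOCK = "block"
    ALLOW_ONCE = "temporarily allow"
    ALLOW_ALWAYS = "permanently allow"


def digest(image: bytes) -> str:
    # SHA-256 is swapped in for MD5 (assumption of this example).
    return hashlib.sha256(image).hexdigest()


class ModuleGate:
    """Compare a module image against a trusted baseline before load."""

    def __init__(self, baseline, ask):
        self.baseline = dict(baseline)  # module name -> trusted digest
        self.ask = ask                  # callback(name, old, new) -> Verdict

    def may_load(self, name: str, image: bytes) -> bool:
        new = digest(image)
        old = self.baseline.get(name)   # None for a module never seen before
        if old == new:
            return True                 # unchanged: no prompt needed
        verdict = self.ask(name, old, new)
        if verdict is Verdict.ALLOW_ALWAYS:
            self.baseline[name] = new   # operator accepts the new image
            return True
        # ALLOW_ONCE leaves the baseline alone, so the next load asks again.
        return verdict is Verdict.ALLOW_ONCE


# Constructed sample images, not real kernel modules.
GOOD = b"\x7fELF constructed module image v1"
TAMPERED = b"\x7fELF constructed module image v1 + extra code"

if __name__ == "__main__":
    gate = ModuleGate({"example.ko": digest(GOOD)},
                      ask=lambda name, old, new: Verdict.BLOCK)
    print("original :", gate.may_load("example.ko", GOOD))
    print("changed  :", gate.may_load("example.ko", TAMPERED))
```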