lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.1.10.0808141837430.13400@asgard.lang.hm>
Date:	Thu, 14 Aug 2008 18:44:33 -0700 (PDT)
From:	david@...g.hm
To:	Theodore Tso <tytso@....edu>
cc:	Christoph Hellwig <hch@...radead.org>,
	Eric Paris <eparis@...hat.com>, tvrtko.ursulin@...hos.com,
	alan@...rguk.ukuu.org.uk, andi@...stfloor.org,
	Arjan van de Ven <arjan@...radead.org>,
	linux-kernel@...r.kernel.org, malware-list@...ts.printk.net,
	malware-list-bounces@...sg.printk.net, peterz@...radead.org,
	viro@...IV.linux.org.uk
Subject: Re: [malware-list] TALPA - a threat model?  well sorta.

On Thu, 14 Aug 2008, Theodore Tso wrote:

> On Thu, Aug 14, 2008 at 03:34:08PM -0400, Christoph Hellwig wrote:
>>
>> It's not used at all on regular files except for ext4 with a non-default,
>> undocumented mount option.  XFS will grow it soon in a similar way as ext4,
>> except that it will be documented or I might have even figured out by
>> then how to just enabled it from nfsd.
>
> We do need a standardized way of enabling it (since it does cost you
> something in performance, so not everyone will want it on), and a
> standardized way of reading i_version out to userspace.  Maybe a mount
> option is the right way to do it, maybe not.
>
> We may want to take this to the linux-fs list and try to get
> agreements on these points; the main reason why it's not enabled by
> default in ext4 is because the NFSv4 advanced caching code is in
> common use (is it even in mainline)?

could you do something like defining a namespace inside posix attributes 
and then setting up a mechanism in the kernel to alert if the attributes 
change (with the entire namespace getting cleared if the file gets 
dirtied)?

this would have the advantage of storing the clean/dirty state in a known 
location on the filesystem (you would need to enable posix attributes, but 
that should be an acceptable limit), and would allow multiple scanners 
(virii, indexing, etc) to do their own thing at their own schedule when 
things get dirtied.

the userspace library calls that open the files would be able to take care 
of the issue of deciding which of the configured scanners on a system 
should be called for each attribute that's not set on a file.

This would seem to require minimal kernel support

1. reserve a attribute namespace

2. clear that namespace if the file is dirtied

3. provide a notification mechanism for programs to subscribe to that 
lists all files where the namespace was not already empty when the file 
was dirtied.

everything else can be userspace.

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ