lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 14 Aug 2008 20:00:05 -0400
From:	Rik van Riel <riel@...hat.com>
To:	Pavel Machek <pavel@...e.cz>
Cc:	"Press, Jonathan" <Jonathan.Press@...com>, davecb@....com,
	Adrian Bunk <bunk@...nel.org>,
	Mihai Don??u <mdontu@...defender.com>,
	linux-kernel@...r.kernel.org, malware-list@...ts.printk.net,
	linux-security-module@...r.kernel.org,
	Arjan van de Ven <arjan@...radead.org>
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon
 access scanning

On Fri, 15 Aug 2008 00:39:18 +0200
Pavel Machek <pavel@...e.cz> wrote:

> > > Okay, so goal of libmalware.so is to "not allow data in the black list
> > > to pass through Linux server". Threat model is windows machines trying
> > > to copy infected files through the server. 
> > 
> > That's only part of the threat model.
> 
> Yes, that's the part libmalware.so proposal solves. Given scary number
> of 0 Linux viruses in wild, it seems to solve the problem pretty well.

If you're trolling, you're not being very good at it.

Just because you cannot easily infect a Linux system from a
user application does not mean malware cannot do all kinds
of damage with user privileges.  Think of a key sniffer (using
the same interface that the X screensavers use) or a spam bot
running with user privileges.

Firefox, OpenOffice.org and other (mostly desktop) programs are 
extremely large and complex, deal with untrusted data on a daily
basis and could be used to spread worms and get malware onto systems.

The old DOS model of "you need to infect system binaries" is not
a good description of how today's malware works.  Malware is not
there to infect a system "as much as possible", but to accomplish
actual malice.

Consequently, the number of acceptable attack vectors on a system
is pretty large and we should protect against these kinds of
programs.

It would be good to get this additional layer of protection against
malware in place, before people start developing Linux malware.

-- 
All rights reversed.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ