| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <48A94A55.2080309@aitel.hist.no> Date: Mon, 18 Aug 2008 12:09:25 +0200 From: Helge Hafting <helge.hafting@...el.hist.no> To: "Press, Jonathan" <Jonathan.Press@...com> CC: Theodore Tso <tytso@....edu>, douglas.leeder@...hos.com, alan@...rguk.ukuu.org.uk, andi@...stfloor.org, Arjan van de Ven <arjan@...radead.org>, hch@...radead.org, linux-kernel@...r.kernel.org, malware-list@...ts.printk.net, Peter Zijlstra <peterz@...radead.org>, viro@...IV.linux.org.uk Subject: Re: [malware-list] TALPA - a threat model? well sorta. Press, Jonathan wrote: >> -----Original Message----- >> From: Theodore Tso [mailto:tytso@....edu] >> Sent: Friday, August 15, 2008 1:05 PM >> To: douglas.leeder@...hos.com >> Cc: Press, Jonathan; alan@...rguk.ukuu.org.uk; andi@...stfloor.org; >> > Arjan van de > >> Ven; hch@...radead.org; Helge Hafting; linux-kernel@...r.kernel.org; >> > malware- > >> list@...ts.printk.net; Peter Zijlstra; viro@...IV.linux.org.uk >> Subject: Re: [malware-list] TALPA - a threat model? well sorta. >> >> >>> Not to mention removable media - it might be old hat, but >>> > infected/malware > >>> files can come in on floppies, CDs or USB flash discs careless left >>> > on the > >>> pavement outside an office. >>> >> That's not a problem given the scanning model proposed by Eric; when >> you insert removable media, it will get scanned when it is first >> accessed. >> > > That is exactly the idea. However, the context of this particular > thread was the following statement by Helge Hafting: > > It seems to me that this "scan on file open" business is the > wrong > way to do things - because it reduces performance. > > If you scan on file open, then your security sw is too late and > getting in the way. > > > We were just pointing out that this is not a good argument in practical > terms AGAINST scanning on open. In fact, your reply completely > reinforces that point. > Scanning on open should be a last resort. Scan in advance when you can. Of course, removable media cannot be scanned until it is inserted and mounted, that is obvious. The scanning can start as soon as the filesystem is mounted though, there is no reason to wait until users try to access something. A CD inserted into a CD-server may not necessarily be needed immediately, so scanning in advance will help here too. The user inserting a CD in a home computer may start to use stuff right away, or perhaps he spends some time reading the docs before a complicated install. Sill room for some scanning in advance, which also may end up with the nice effect of caching the CD. Helge Hafting -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists