lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1219085176.15566.100.camel@localhost.localdomain>
Date:	Mon, 18 Aug 2008 14:46:16 -0400
From:	Eric Paris <eparis@...hat.com>
To:	Jan Harkes <jaharkes@...cmu.edu>
Cc:	Alan Cox <alan@...rguk.ukuu.org.uk>, tvrtko.ursulin@...hos.com,
	Theodore Tso <tytso@....edu>, davecb@....com, david@...g.hm,
	Adrian Bunk <bunk@...nel.org>,
	linux-kernel <linux-kernel@...r.kernel.org>,
	malware-list@...ts.printk.net,
	Casey Schaufler <casey@...aufler-ca.com>,
	Arjan van de Ven <arjan@...radead.org>
Subject: Re: [malware-list] scanner interface proposal was: [TALPA] Intro
	to a linux interface for on access scanning

On Mon, 2008-08-18 at 14:35 -0400, Jan Harkes wrote:

> The devil is in the details, and besides everyone trying to heap other
> things on, one thing that keeps getting brought up, and seemingly keeps
> getting ignored is the fact that there already is a perfectly reasonable
> interface to pass file system events (open, close, read, write, etc) to
> userspace applications in the form of FUSE which has already in some
> ways solved issues wrt. subtle deadlocks that can happen when you bounce
> from an in-kernel context to a userspace application.

Can you help me write/prototype something that will work for every
regular file anywhere on the system including the kernel binary
in /boot, the glibc libraries in /lib/ld-linux.so, /sbin/ldconfig and
every file on every USB stick you put into the machine?  When all of
these are on separate partitions?  Every file under / needs to be
exported to the scanner.  I'm very willing to believe fuse is the way to
go for an HSM, but I don't see how to get every single file on the
system through the FUSE based scanner.

Yes propagation is an important use of file scanning (maybe the
biggest), but we clearly can't secure every part of the border, and I
don't know how to use fuse to do it all rather than just pieces and
parts.

You're absolutely right about this thread droning on.  But I've got code
that solves the problems.  If someone else shows me better code rather
than talk I'm all for it!

-Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ