| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.1.10.0808181159400.15109@asgard.lang.hm> Date: Mon, 18 Aug 2008 12:04:36 -0700 (PDT) From: david@...g.hm To: Eric Paris <eparis@...hat.com> cc: Jan Harkes <jaharkes@...cmu.edu>, Alan Cox <alan@...rguk.ukuu.org.uk>, tvrtko.ursulin@...hos.com, Theodore Tso <tytso@....edu>, davecb@....com, Adrian Bunk <bunk@...nel.org>, linux-kernel <linux-kernel@...r.kernel.org>, malware-list@...ts.printk.net, Casey Schaufler <casey@...aufler-ca.com>, Arjan van de Ven <arjan@...radead.org> Subject: Re: [malware-list] scanner interface proposal was: [TALPA] Intro to a linux interface for on access scanning On Mon, 18 Aug 2008, Eric Paris wrote: > On Mon, 2008-08-18 at 14:35 -0400, Jan Harkes wrote: > >> The devil is in the details, and besides everyone trying to heap other >> things on, one thing that keeps getting brought up, and seemingly keeps >> getting ignored is the fact that there already is a perfectly reasonable >> interface to pass file system events (open, close, read, write, etc) to >> userspace applications in the form of FUSE which has already in some >> ways solved issues wrt. subtle deadlocks that can happen when you bounce >> from an in-kernel context to a userspace application. > > Can you help me write/prototype something that will work for every > regular file anywhere on the system including the kernel binary > in /boot, the glibc libraries in /lib/ld-linux.so, /sbin/ldconfig and > every file on every USB stick you put into the machine? When all of > these are on separate partitions? Every file under / needs to be > exported to the scanner. I'm very willing to believe fuse is the way to > go for an HSM, but I don't see how to get every single file on the > system through the FUSE based scanner. > > Yes propagation is an important use of file scanning (maybe the > biggest), but we clearly can't secure every part of the border, and I > don't know how to use fuse to do it all rather than just pieces and > parts. > > You're absolutely right about this thread droning on. But I've got code > that solves the problems. If someone else shows me better code rather > than talk I'm all for it! the issue is that the kernel developers are not that interested in creating one-off interfaces for anti-virus scanners. If the interfaces are more general and able to be used for a wider variety of problems they are much more interested in having them implemented. unfortunantly you went off and developed a bunch of code before talking to people about what the appropriate interfaces would look like, (this is a common problem, see the 'how to participate in the kernel' document at http://ldn.linuxfoundation.org/book/how-participate-linux-community) David Lang -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists