Re: request for comment: generic kernel interface for malware vendors

From: Bodo Eggert
Date: Wed Jul 23 2008 - 08:40:10 EST

Rafael C. de Almeida <almeidaraf@xxxxxxxxx> wrote:
> Eric Paris wrote:

>> [Kernel support for malware scanners]

> I'm a newbie here, so don't take me too serious. But I don't see why
> that needs a kernel interface, at least from the example on the
> Documentation directory (patch 9). Seems to me you could just use file
> permission to deny or allow the access for a certain file. The only
> thing that would be a little trickier from user-space is to know when a
> given file is read. So, talpa should do only that or you could take
> advantage of preload like trickle does for bandwidth shapping.

How do you ensure that the LD_PRELOAD variable stays intact and will be
honored by all applications - including that commercial one supplying it's
own libc, by suid-binaries and by programs written in a non-libc-language?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at