Re: request for comment: generic kernel interface for malwarevendors

From: Arjan van de Ven
Date: Wed Jul 23 2008 - 11:29:34 EST

On Wed, 23 Jul 2008 14:43:09 +0200
Bodo Eggert <7eggert@xxxxxx> wrote:

> Rafael C. de Almeida <almeidaraf@xxxxxxxxx> wrote:
> > Eric Paris wrote:
> >> [Kernel support for malware scanners]
> > I'm a newbie here, so don't take me too serious. But I don't see why
> > that needs a kernel interface, at least from the example on the
> > Documentation directory (patch 9). Seems to me you could just use
> > file permission to deny or allow the access for a certain file. The
> > only thing that would be a little trickier from user-space is to
> > know when a given file is read. So, talpa should do only that or
> > you could take advantage of preload like trickle does for bandwidth
> > shapping.
> How do you ensure that the LD_PRELOAD variable stays intact and will
> be honored by all applications - including that commercial one
> supplying it's own libc, by suid-binaries and by programs written in
> a non-libc-language?

neither approach is fool proof for that matter
it's just a matter of how high you want to put the bar.

that's why it's really important to see the design ideas for this
code... to figure out what it is supposed to do ;)

If you want to reach me at my work email, use arjan@xxxxxxxxxxxxxxx
For development, discussion and tips for power savings,
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at