Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforonaccess scanning

From: Arjan van de Ven
Date: Wed Aug 13 2008 - 09:59:06 EST

Next message: Tim Tassonis: "Re: reiser4 for 2.6.27-rc1"
Previous message: Kenneth Goldman: "Re: [PATCH 1/4] integrity: TPM internel kernel interface"
In reply to: Valdis . Kletnieks: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforonaccess scanning"
Next in thread: Arjan van de Ven: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforonaccess scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 13 Aug 2008 14:56:38 +0200
Pavel Machek <pavel@xxxxxxx> wrote:
> So you make sure all apps are modified. Distros are good at that, and
> modifications are not that hard.
>
> Plus, proposed solution already has three unacceptable holes:
>
> 1) it only catches known signatures
>
> 2) write vs. read race mentioned above
>
> 3) mmap problem
>
> . Making sure all apps use libmalware.so is trivial compared to
> solving 3).

the other thing is.. all applications ALREADY use such a library. It's
called "glibc".

--
If you want to reach me at my work email, use arjan@xxxxxxxxxxxxxxx
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tim Tassonis: "Re: reiser4 for 2.6.27-rc1"
Previous message: Kenneth Goldman: "Re: [PATCH 1/4] integrity: TPM internel kernel interface"
In reply to: Valdis . Kletnieks: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforonaccess scanning"
Next in thread: Arjan van de Ven: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforonaccess scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]