Re: TALPA - a threat model? well sorta.

From: Christoph Hellwig
Date: Wed Aug 13 2008 - 13:07:30 EST

Next message: Andrew Morton: "Re: [PATCH] kexec jump: fix code size checking"
Previous message: David Witbrodt: "Re: HPET regression in 2.6.26 versus 2.6.25 -- experimental revert for 2.6.27 failed"
In reply to: Arjan van de Ven: "Re: [malware-list] TALPA - a threat model? well sorta."
Next in thread: Arnd Bergmann: "Re: TALPA - a threat model? well sorta."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 13, 2008 at 05:24:37PM +0100, Alan Cox wrote:
> > So, what is it that anti-malware companies do? They scan files. That's
> > it.
>
> Good so lets instead have a discussion about making the file event
> notification more scalable. That is the same thing I want for content
> indexing. It is the same thing you want for certain kinds of smart
> archiving, for on-line asynchronous backup and other stuff.

Also for hierachial storage management, which also shares they other
requirement with the AV crowd that it want to be able to block the
calling process until the notification is ACKed (for recalling data
from offline media).

> It ought to be a simple clean syscall interface.

I was wondering whether to piggy-back on the audit code was the best
idea here..
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH] kexec jump: fix code size checking"
Previous message: David Witbrodt: "Re: HPET regression in 2.6.26 versus 2.6.25 -- experimental revert for 2.6.27 failed"
In reply to: Arjan van de Ven: "Re: [malware-list] TALPA - a threat model? well sorta."
Next in thread: Arnd Bergmann: "Re: TALPA - a threat model? well sorta."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]