-----Original Message-----malware-
From: david@xxxxxxx [mailto:david@xxxxxxx]
Sent: Friday, August 15, 2008 1:47 PM
To: Press, Jonathan
Cc: Peter Zijlstra; Helge Hafting; linux-kernel@xxxxxxxxxxxxxxx;
list@xxxxxxxxxxxxxxxx; hch@xxxxxxxxxxxxx; andi@xxxxxxxxxxxxxx;of
viro@xxxxxxxxxxxxxxxxxx; alan@xxxxxxxxxxxxxxxxxxx; Arjan van de Ven
Subject: RE: [malware-list] TALPA - a threat model? well sorta.
On Fri, 15 Aug 2008, Press, Jonathan wrote:In addition, to generalize from the incorrect idea that the actionssense toroot are not being defended against to the idea that the possible
impacts of an administrator's actions in configuring an application
should not be accounted for at all in our thinking doesn't make
allme anyway.
questions had been raised about how this model could defend againstthe tricky things that root can do, the answer was that they are notback
trying to defend against root doing tricky things.
turning off the scanner, letting things get infected, and turning iton would fall in the same catagory as marking a file that the scanner
marked as bad as sucessfully scanned.
Well, I agree that there are things you can't prevent, that's for sure.
But the point is to build the "threat model" and application
functionality around the idea that IF they happen, you want to be able
to plug the resulting holes as well as you can. You can't simply close
your eyes to the possibility.