Re: request for comment: generic kernel interface for malware vendors

From: Eric Paris
Date: Mon Jul 21 2008 - 20:26:01 EST


On Mon, 2008-07-21 at 20:14 +0200, Christian Borntraeger wrote:
> On Monday, 21 July 2008, Eric Paris wrote:
> > First I'd like to thank Sophos who stepped up and originally wrote a lot
> > of this code. They might not recognize it since I've gotten my hands on
> > it, but they were nice enough to get the ball rolling by giving me some
> > GPL code which addressed near every request people on the malware list
> > had.
>
> I have not looked at the code, but if I remember correctly there was another
> GPLed code for file access scanning. It was called dazuko. Google gave me
> http://en.wikipedia.org/wiki/Dazuko
>
> Maybe you can get some ideas from there as well?

Maybe ideas, but it works by disabling mandatory access controls. No
SELinux, no AppArmor, no SMACK, no TOMOYO, and therefore a non-starter.

I certainly don't think it's a good idea to take a box that I am using to
try to increase organization-wide security and have to lower its
individual security properties.

-Eric
