linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Stephen Hemminger <shemminger@linux-foundation.org>
To: Jon Masters <jcm@redhat.com>
Cc: James Morris <jmorris@namei.org>,
	tvrtko.ursulin@sophos.com, linux-kernel@vger.kernel.org,
	Greg KH <greg@kroah.com>
Subject: Re: Out of tree module using LSM
Date: Thu, 29 Nov 2007 08:51:48 -0800	[thread overview]
Message-ID: <20071129085148.5dff3636@freepuppy.rosehill> (raw)
In-Reply-To: <1196353666.6473.43.camel@perihelion>

On Thu, 29 Nov 2007 11:27:45 -0500
Jon Masters <jcm@redhat.com> wrote:

> On Thu, 2007-11-29 at 11:12 +1100, James Morris wrote:
> > On Wed, 28 Nov 2007, tvrtko.ursulin@sophos.com wrote:
> > 
> > > So as there is no question the current code does some ugly things it is 
> > > even more true that we would be even more happy to use an official API. 
> > 
> > How about becoming involved in creating that official API ?
> 
> Sophos are interested in doing so, and we have spoken about this several
> times recently over the phone. This is why they sent the email in
> question yesterday, to kickstart debate. And that's awesome. I am trying
> to bring a few of these folks together at the moment, so that we can get
> a solution that is acceptable to upstream at some point in the future.
> 
> So, rather than criticise their current code, or their intentions, or
> blanketly dismiss the virus protection market, perhaps we can focus
> instead on the fact that there is a known third party who wishes to
> perform a task that is not well supportable at this moment. We can all
> agree the syscall table hacking isn't such a good idea - but these guys
> are *very* open to listening to useful alternative suggestions.
> 
> They (virus protection folks) generally think they want to intercept
> various system calls, such as open() and block until they have performed
> a scan operation on the file. I explained the mmap issue to several of
> these companies recently, in quite some detail, and I know they are
> interested in listening this time around :-) At the end of the day, what
> I have been lead to believe is that they don't care whether they
> intercept syscall entries, or use a better method, they just want to
> scan files and take some action if a file is "bad". That's it really.
> 
> I have been trying to put together an exact feature set that is needed
> from these different vendors, so we can discuss it further here, and
> hopefully actually get somewhere, too. There have been a few delays
> after I pointed out the mmap issues at some length.
> 

Perhaps this kind of scanning belongs in the application. Couldn't an
apache or samba have a plugin to do it?

-- 
Stephen Hemminger <shemminger@linux-foundation.org>

  parent reply	other threads:[~2007-11-29 16:53 UTC|newest]

Thread overview: 73+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-11-28 12:42 Out of tree module using LSM Tvrtko A. Ursulin
2007-11-28 14:41 ` Christoph Hellwig
2007-11-28 16:38   ` Casey Schaufler
2007-11-28 16:46     ` Christoph Hellwig
2007-11-28 17:39       ` Stephen Hemminger
2007-11-28 18:22         ` tvrtko.ursulin
2007-11-28 19:50           ` Alan Cox
2007-11-29 16:12             ` tvrtko.ursulin
2007-11-29  0:12           ` James Morris
2007-11-29 16:27             ` Jon Masters
2007-11-29 16:51               ` Greg KH
2007-11-29 16:51               ` Stephen Hemminger [this message]
2007-11-29 16:52               ` Jan Engelhardt
2007-11-29  0:51           ` Jan Engelhardt
2007-11-29  1:45             ` Casey Schaufler
2007-11-28 18:15       ` Valdis.Kletnieks
2007-11-28 18:30         ` Al Viro
2007-11-29  0:38           ` Greg KH
2007-11-29  0:53             ` Jan Engelhardt
2007-11-29  1:07               ` Greg KH
2007-11-29 16:36                 ` Jon Masters
2007-11-29 16:47                   ` Greg KH
2007-11-29 16:53                     ` Jan Engelhardt
2007-11-29 16:57                       ` Christoph Hellwig
2007-11-29 17:27                         ` Alan Cox
2007-11-29 22:58                           ` Andi Kleen
2007-12-08 10:50                             ` Pavel Machek
2007-11-29 17:03                       ` Greg KH
2007-11-29 17:35                         ` Ray Lee
2007-11-29 17:45                           ` Greg KH
2007-11-29 18:03                             ` Ray Lee
2007-11-29 18:19                               ` Justin Banks
2007-11-29 18:38                                 ` Jon Masters
2007-11-29 17:51                           ` Al Viro
2007-11-29 17:05                     ` Jon Masters
2007-11-29 17:14                       ` Greg KH
2007-11-29 16:26           ` tvrtko.ursulin
2007-11-29 17:36             ` Alan Cox
2007-11-29 18:40               ` Ray Lee
2007-11-29 18:56                 ` Jon Masters
2007-11-29 19:11                   ` Ray Lee
2007-11-29 19:45                     ` Jon Masters
2007-11-29 20:56                       ` Valdis.Kletnieks
2007-11-29 22:08                         ` Al Viro
2007-11-30  0:50                           ` James Morris
2007-11-29 23:31                         ` Jon Masters
2007-11-29 21:45                       ` Alan Cox
2007-11-29 22:12                         ` Justin Banks
2007-11-30  1:48                           ` Al Viro
2007-11-30 15:37                             ` Justin Banks
2007-11-29 23:34                         ` Jon Masters
2007-11-30  6:20                           ` Valdis.Kletnieks
2007-11-30 13:30                             ` Alan Cox
2007-11-29 21:09               ` Andi Kleen
2007-11-28 19:20 ` Andi Kleen
2007-11-28 19:52   ` Alan Cox
2007-11-28 20:05     ` Valdis.Kletnieks
2007-11-29 16:39   ` tvrtko.ursulin
2007-12-01  8:43     ` Pavel Machek
2007-12-02 19:44       ` Valdis.Kletnieks
2007-12-02 20:02         ` Arjan van de Ven
2007-12-02 20:06         ` Andi Kleen
2007-12-02 20:22         ` Pavel Machek
2007-12-02 21:09           ` Valdis.Kletnieks
2007-12-02 21:56             ` Pavel Machek
2007-12-02 23:15               ` Jan Engelhardt
2007-12-02 23:23                 ` Pavel Machek
2007-11-29  0:58 ` Greg KH
2007-11-30 20:52 Crispin Cowan
2007-11-30 21:36 ` James Morris
2007-11-30 23:52   ` Crispin Cowan
2007-12-01  0:05     ` James Morris
     [not found] <9uzZr-6iz-19@gated-at.bofh.it>
     [not found] ` <9uUrm-5w3-27@gated-at.bofh.it>
     [not found]   ` <9uVGz-7uQ-19@gated-at.bofh.it>
     [not found]     ` <9uWCC-xI-13@gated-at.bofh.it>
     [not found]       ` <9uWMp-Ix-13@gated-at.bofh.it>
     [not found]         ` <9uX5A-1rs-1@gated-at.bofh.it>
     [not found]           ` <9uXyK-24f-23@gated-at.bofh.it>
2007-12-03 22:45             ` Bodo Eggert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20071129085148.5dff3636@freepuppy.rosehill \
    --to=shemminger@linux-foundation.org \
    --cc=greg@kroah.com \
    --cc=jcm@redhat.com \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tvrtko.ursulin@sophos.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).