From: Stephen Hemminger <shemminger@linux-foundation.org>
To: Jon Masters <jcm@redhat.com>
Cc: James Morris <jmorris@namei.org>,
tvrtko.ursulin@sophos.com, linux-kernel@vger.kernel.org,
Greg KH <greg@kroah.com>
Subject: Re: Out of tree module using LSM
Date: Thu, 29 Nov 2007 08:51:48 -0800 [thread overview]
Message-ID: <20071129085148.5dff3636@freepuppy.rosehill> (raw)
In-Reply-To: <1196353666.6473.43.camel@perihelion>
On Thu, 29 Nov 2007 11:27:45 -0500
Jon Masters <jcm@redhat.com> wrote:
> On Thu, 2007-11-29 at 11:12 +1100, James Morris wrote:
> > On Wed, 28 Nov 2007, tvrtko.ursulin@sophos.com wrote:
> >
> > > So as there is no question the current code does some ugly things it is
> > > even more true that we would be even more happy to use an official API.
> >
> > How about becoming involved in creating that official API ?
>
> Sophos are interested in doing so, and we have spoken about this several
> times recently over the phone. This is why they sent the email in
> question yesterday, to kickstart debate. And that's awesome. I am trying
> to bring a few of these folks together at the moment, so that we can get
> a solution that is acceptable to upstream at some point in the future.
>
> So, rather than criticise their current code, or their intentions, or
> blanketly dismiss the virus protection market, perhaps we can focus
> instead on the fact that there is a known third party who wishes to
> perform a task that is not well supportable at this moment. We can all
> agree the syscall table hacking isn't such a good idea - but these guys
> are *very* open to listening to useful alternative suggestions.
>
> They (virus protection folks) generally think they want to intercept
> various system calls, such as open() and block until they have performed
> a scan operation on the file. I explained the mmap issue to several of
> these companies recently, in quite some detail, and I know they are
> interested in listening this time around :-) At the end of the day, what
> I have been lead to believe is that they don't care whether they
> intercept syscall entries, or use a better method, they just want to
> scan files and take some action if a file is "bad". That's it really.
>
> I have been trying to put together an exact feature set that is needed
> from these different vendors, so we can discuss it further here, and
> hopefully actually get somewhere, too. There have been a few delays
> after I pointed out the mmap issues at some length.
>
Perhaps this kind of scanning belongs in the application. Couldn't an
apache or samba have a plugin to do it?
--
Stephen Hemminger <shemminger@linux-foundation.org>
next prev parent reply other threads:[~2007-11-29 16:53 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-28 12:42 Out of tree module using LSM Tvrtko A. Ursulin
2007-11-28 14:41 ` Christoph Hellwig
2007-11-28 16:38 ` Casey Schaufler
2007-11-28 16:46 ` Christoph Hellwig
2007-11-28 17:39 ` Stephen Hemminger
2007-11-28 18:22 ` tvrtko.ursulin
2007-11-28 19:50 ` Alan Cox
2007-11-29 16:12 ` tvrtko.ursulin
2007-11-29 0:12 ` James Morris
2007-11-29 16:27 ` Jon Masters
2007-11-29 16:51 ` Greg KH
2007-11-29 16:51 ` Stephen Hemminger [this message]
2007-11-29 16:52 ` Jan Engelhardt
2007-11-29 0:51 ` Jan Engelhardt
2007-11-29 1:45 ` Casey Schaufler
2007-11-28 18:15 ` Valdis.Kletnieks
2007-11-28 18:30 ` Al Viro
2007-11-29 0:38 ` Greg KH
2007-11-29 0:53 ` Jan Engelhardt
2007-11-29 1:07 ` Greg KH
2007-11-29 16:36 ` Jon Masters
2007-11-29 16:47 ` Greg KH
2007-11-29 16:53 ` Jan Engelhardt
2007-11-29 16:57 ` Christoph Hellwig
2007-11-29 17:27 ` Alan Cox
2007-11-29 22:58 ` Andi Kleen
2007-12-08 10:50 ` Pavel Machek
2007-11-29 17:03 ` Greg KH
2007-11-29 17:35 ` Ray Lee
2007-11-29 17:45 ` Greg KH
2007-11-29 18:03 ` Ray Lee
2007-11-29 18:19 ` Justin Banks
2007-11-29 18:38 ` Jon Masters
2007-11-29 17:51 ` Al Viro
2007-11-29 17:05 ` Jon Masters
2007-11-29 17:14 ` Greg KH
2007-11-29 16:26 ` tvrtko.ursulin
2007-11-29 17:36 ` Alan Cox
2007-11-29 18:40 ` Ray Lee
2007-11-29 18:56 ` Jon Masters
2007-11-29 19:11 ` Ray Lee
2007-11-29 19:45 ` Jon Masters
2007-11-29 20:56 ` Valdis.Kletnieks
2007-11-29 22:08 ` Al Viro
2007-11-30 0:50 ` James Morris
2007-11-29 23:31 ` Jon Masters
2007-11-29 21:45 ` Alan Cox
2007-11-29 22:12 ` Justin Banks
2007-11-30 1:48 ` Al Viro
2007-11-30 15:37 ` Justin Banks
2007-11-29 23:34 ` Jon Masters
2007-11-30 6:20 ` Valdis.Kletnieks
2007-11-30 13:30 ` Alan Cox
2007-11-29 21:09 ` Andi Kleen
2007-11-28 19:20 ` Andi Kleen
2007-11-28 19:52 ` Alan Cox
2007-11-28 20:05 ` Valdis.Kletnieks
2007-11-29 16:39 ` tvrtko.ursulin
2007-12-01 8:43 ` Pavel Machek
2007-12-02 19:44 ` Valdis.Kletnieks
2007-12-02 20:02 ` Arjan van de Ven
2007-12-02 20:06 ` Andi Kleen
2007-12-02 20:22 ` Pavel Machek
2007-12-02 21:09 ` Valdis.Kletnieks
2007-12-02 21:56 ` Pavel Machek
2007-12-02 23:15 ` Jan Engelhardt
2007-12-02 23:23 ` Pavel Machek
2007-11-29 0:58 ` Greg KH
2007-11-30 20:52 Crispin Cowan
2007-11-30 21:36 ` James Morris
2007-11-30 23:52 ` Crispin Cowan
2007-12-01 0:05 ` James Morris
[not found] <9uzZr-6iz-19@gated-at.bofh.it>
[not found] ` <9uUrm-5w3-27@gated-at.bofh.it>
[not found] ` <9uVGz-7uQ-19@gated-at.bofh.it>
[not found] ` <9uWCC-xI-13@gated-at.bofh.it>
[not found] ` <9uWMp-Ix-13@gated-at.bofh.it>
[not found] ` <9uX5A-1rs-1@gated-at.bofh.it>
[not found] ` <9uXyK-24f-23@gated-at.bofh.it>
2007-12-03 22:45 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071129085148.5dff3636@freepuppy.rosehill \
--to=shemminger@linux-foundation.org \
--cc=greg@kroah.com \
--cc=jcm@redhat.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tvrtko.ursulin@sophos.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).