From: Valdis.Kletnieks@vt.edu
To: Jon Masters <jonathan@jonmasters.org>
Cc: Ray Lee <ray-lk@madrabbit.org>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
tvrtko.ursulin@sophos.com, Al Viro <viro@ftp.linux.org.uk>,
Casey Schaufler <casey@schaufler-ca.com>,
Christoph Hellwig <hch@infradead.org>,
linux-kernel@vger.kernel.org
Subject: Re: Out of tree module using LSM
Date: Thu, 29 Nov 2007 15:56:28 -0500 [thread overview]
Message-ID: <2812.1196369788@turing-police.cc.vt.edu> (raw)
In-Reply-To: Your message of "Thu, 29 Nov 2007 14:45:51 EST." <1196365551.6473.103.camel@perihelion>
[-- Attachment #1: Type: text/plain, Size: 1535 bytes --]
On Thu, 29 Nov 2007 14:45:51 EST, Jon Masters said:
> Ah, but I could write a sequence of pages that on their own looked
> garbage, but in reality, when executed would print out a copy of the
> Jargon File in all its glory. And if you still think you could look for
> patterns, how about executable code that self-modifies in random ways
> but when executed as a whole actually has the functionality of fetchmail
> embedded within it? How would you guard against that?
So, just because Fred Cohen showed in his PhD thesis that *perfect* virus/malware
scanning is equivalent to the Turing Halting Problem, we should abandon
efforts to make a 99.9998% workable system?
Yes, most of these schemes *can* be bypassed because some malicious code does a
mmap() or similar trick. But what is being overlooked here is that in most
cases, what is *desired* is a way to filter things being handled by *non*
malicious code. Yeah, sure, a shar archive can contain a binary that does evil
things - but if we stop /bin/cp from copying the file that has the evil in it,
it's a non-issue.
Let's get real here guys - trying to do *absolutely perfect* security is
pointless. You want to do security that reduces your *total* cost - and in
most cases this means "pretty good security" that stops "almost all issues".
As Linus reminds us once in a while - the perfect is the enemy of the good.
In this case, we don't *need* to be perfect - we only need to be noticably
better than another well-known operating system that isn't even very good at
it.
[-- Attachment #2: Type: application/pgp-signature, Size: 226 bytes --]
next prev parent reply other threads:[~2007-11-29 20:57 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-28 12:42 Out of tree module using LSM Tvrtko A. Ursulin
2007-11-28 14:41 ` Christoph Hellwig
2007-11-28 16:38 ` Casey Schaufler
2007-11-28 16:46 ` Christoph Hellwig
2007-11-28 17:39 ` Stephen Hemminger
2007-11-28 18:22 ` tvrtko.ursulin
2007-11-28 19:50 ` Alan Cox
2007-11-29 16:12 ` tvrtko.ursulin
2007-11-29 0:12 ` James Morris
2007-11-29 16:27 ` Jon Masters
2007-11-29 16:51 ` Greg KH
2007-11-29 16:51 ` Stephen Hemminger
2007-11-29 16:52 ` Jan Engelhardt
2007-11-29 0:51 ` Jan Engelhardt
2007-11-29 1:45 ` Casey Schaufler
2007-11-28 18:15 ` Valdis.Kletnieks
2007-11-28 18:30 ` Al Viro
2007-11-29 0:38 ` Greg KH
2007-11-29 0:53 ` Jan Engelhardt
2007-11-29 1:07 ` Greg KH
2007-11-29 16:36 ` Jon Masters
2007-11-29 16:47 ` Greg KH
2007-11-29 16:53 ` Jan Engelhardt
2007-11-29 16:57 ` Christoph Hellwig
2007-11-29 17:27 ` Alan Cox
2007-11-29 22:58 ` Andi Kleen
2007-12-08 10:50 ` Pavel Machek
2007-11-29 17:03 ` Greg KH
2007-11-29 17:35 ` Ray Lee
2007-11-29 17:45 ` Greg KH
2007-11-29 18:03 ` Ray Lee
2007-11-29 18:19 ` Justin Banks
2007-11-29 18:38 ` Jon Masters
2007-11-29 17:51 ` Al Viro
2007-11-29 17:05 ` Jon Masters
2007-11-29 17:14 ` Greg KH
2007-11-29 16:26 ` tvrtko.ursulin
2007-11-29 17:36 ` Alan Cox
2007-11-29 18:40 ` Ray Lee
2007-11-29 18:56 ` Jon Masters
2007-11-29 19:11 ` Ray Lee
2007-11-29 19:45 ` Jon Masters
2007-11-29 20:56 ` Valdis.Kletnieks [this message]
2007-11-29 22:08 ` Al Viro
2007-11-30 0:50 ` James Morris
2007-11-29 23:31 ` Jon Masters
2007-11-29 21:45 ` Alan Cox
2007-11-29 22:12 ` Justin Banks
2007-11-30 1:48 ` Al Viro
2007-11-30 15:37 ` Justin Banks
2007-11-29 23:34 ` Jon Masters
2007-11-30 6:20 ` Valdis.Kletnieks
2007-11-30 13:30 ` Alan Cox
2007-11-29 21:09 ` Andi Kleen
2007-11-28 19:20 ` Andi Kleen
2007-11-28 19:52 ` Alan Cox
2007-11-28 20:05 ` Valdis.Kletnieks
2007-11-29 16:39 ` tvrtko.ursulin
2007-12-01 8:43 ` Pavel Machek
2007-12-02 19:44 ` Valdis.Kletnieks
2007-12-02 20:02 ` Arjan van de Ven
2007-12-02 20:06 ` Andi Kleen
2007-12-02 20:22 ` Pavel Machek
2007-12-02 21:09 ` Valdis.Kletnieks
2007-12-02 21:56 ` Pavel Machek
2007-12-02 23:15 ` Jan Engelhardt
2007-12-02 23:23 ` Pavel Machek
2007-11-29 0:58 ` Greg KH
2007-11-30 20:52 Crispin Cowan
2007-11-30 21:36 ` James Morris
2007-11-30 23:52 ` Crispin Cowan
2007-12-01 0:05 ` James Morris
[not found] <9uzZr-6iz-19@gated-at.bofh.it>
[not found] ` <9uUrm-5w3-27@gated-at.bofh.it>
[not found] ` <9uVGz-7uQ-19@gated-at.bofh.it>
[not found] ` <9uWCC-xI-13@gated-at.bofh.it>
[not found] ` <9uWMp-Ix-13@gated-at.bofh.it>
[not found] ` <9uX5A-1rs-1@gated-at.bofh.it>
[not found] ` <9uXyK-24f-23@gated-at.bofh.it>
2007-12-03 22:45 ` Bodo Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2812.1196369788@turing-police.cc.vt.edu \
--to=valdis.kletnieks@vt.edu \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=casey@schaufler-ca.com \
--cc=hch@infradead.org \
--cc=jonathan@jonmasters.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ray-lk@madrabbit.org \
--cc=tvrtko.ursulin@sophos.com \
--cc=viro@ftp.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).