linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Ray Lee" <ray-lk@madrabbit.org>
To: "Jon Masters" <jonathan@jonmasters.org>
Cc: "Alan Cox" <alan@lxorguk.ukuu.org.uk>,
	tvrtko.ursulin@sophos.com, "Al Viro" <viro@ftp.linux.org.uk>,
	"Casey Schaufler" <casey@schaufler-ca.com>,
	"Christoph Hellwig" <hch@infradead.org>,
	linux-kernel@vger.kernel.org, Valdis.Kletnieks@vt.edu
Subject: Re: Out of tree module using LSM
Date: Thu, 29 Nov 2007 11:11:29 -0800	[thread overview]
Message-ID: <2c0942db0711291111t16a4eb49h6b1e83ddf7bb4cf9@mail.gmail.com> (raw)
In-Reply-To: <1196362612.6473.98.camel@perihelion>

On Nov 29, 2007 10:56 AM, Jon Masters <jonathan@jonmasters.org> wrote:
> On Thu, 2007-11-29 at 10:40 -0800, Ray Lee wrote:
> > On Nov 29, 2007 9:36 AM, Alan Cox <alan@lxorguk.ukuu.org.uk> wrote:
> > > > closed. But more importantly further access to it can be blocked until
> > > > appropriate actions are taken which also applies with your example, no? Is
> > >
> > > That bit is hard- very hard.
> >
> > In some sense it seems like the same problem faced by dynamic
> > translators such as Qemu. They really want to vet a dirtied or faulted
> > page before allowing the app to run unhindered. It's be nice to have
> > some way to do that without virtualizing the whole of userspace.
>
> Like I hinted at, you can't just "vet a page". Because a page alone is
> meaningless garbage, unless it happens to be an extremely small program,
> with headers, all nicely aligned. Most likely you don't know if a random
> page of data is code from a COFF file, ELF file, or some random crap I
> typed in at a terminal after having too much coffee.
>
> So. You'd need to scan *all the pages* of *the entire file*, every time
> that you performed any type of operation.

*blink* Really? To lift Alan's example, a naive first implementation
would be to create a suffix tree of all of ESR's works, then scan each
page on fault to see if there are any partial matches in the tree. If
there's a partial match that ends at the page boundary, mark the page
as questionable, but let execution/reading continue. On the next
linear page, if the match finishes, mark that one as bad, and disallow
access. That wouldn't be very expensive (in terms of scanning effort).

But I'm by no means an anti-malware guy, so perhaps I'm spouting crap,
especially given that I've thought about this a total of five minutes.

Regardless, thanks for doing the coordination work with them, and for
interfacing them with the kernel community. I'm really going to shut
up now.

  reply	other threads:[~2007-11-29 19:11 UTC|newest]

Thread overview: 73+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-11-28 12:42 Out of tree module using LSM Tvrtko A. Ursulin
2007-11-28 14:41 ` Christoph Hellwig
2007-11-28 16:38   ` Casey Schaufler
2007-11-28 16:46     ` Christoph Hellwig
2007-11-28 17:39       ` Stephen Hemminger
2007-11-28 18:22         ` tvrtko.ursulin
2007-11-28 19:50           ` Alan Cox
2007-11-29 16:12             ` tvrtko.ursulin
2007-11-29  0:12           ` James Morris
2007-11-29 16:27             ` Jon Masters
2007-11-29 16:51               ` Greg KH
2007-11-29 16:51               ` Stephen Hemminger
2007-11-29 16:52               ` Jan Engelhardt
2007-11-29  0:51           ` Jan Engelhardt
2007-11-29  1:45             ` Casey Schaufler
2007-11-28 18:15       ` Valdis.Kletnieks
2007-11-28 18:30         ` Al Viro
2007-11-29  0:38           ` Greg KH
2007-11-29  0:53             ` Jan Engelhardt
2007-11-29  1:07               ` Greg KH
2007-11-29 16:36                 ` Jon Masters
2007-11-29 16:47                   ` Greg KH
2007-11-29 16:53                     ` Jan Engelhardt
2007-11-29 16:57                       ` Christoph Hellwig
2007-11-29 17:27                         ` Alan Cox
2007-11-29 22:58                           ` Andi Kleen
2007-12-08 10:50                             ` Pavel Machek
2007-11-29 17:03                       ` Greg KH
2007-11-29 17:35                         ` Ray Lee
2007-11-29 17:45                           ` Greg KH
2007-11-29 18:03                             ` Ray Lee
2007-11-29 18:19                               ` Justin Banks
2007-11-29 18:38                                 ` Jon Masters
2007-11-29 17:51                           ` Al Viro
2007-11-29 17:05                     ` Jon Masters
2007-11-29 17:14                       ` Greg KH
2007-11-29 16:26           ` tvrtko.ursulin
2007-11-29 17:36             ` Alan Cox
2007-11-29 18:40               ` Ray Lee
2007-11-29 18:56                 ` Jon Masters
2007-11-29 19:11                   ` Ray Lee [this message]
2007-11-29 19:45                     ` Jon Masters
2007-11-29 20:56                       ` Valdis.Kletnieks
2007-11-29 22:08                         ` Al Viro
2007-11-30  0:50                           ` James Morris
2007-11-29 23:31                         ` Jon Masters
2007-11-29 21:45                       ` Alan Cox
2007-11-29 22:12                         ` Justin Banks
2007-11-30  1:48                           ` Al Viro
2007-11-30 15:37                             ` Justin Banks
2007-11-29 23:34                         ` Jon Masters
2007-11-30  6:20                           ` Valdis.Kletnieks
2007-11-30 13:30                             ` Alan Cox
2007-11-29 21:09               ` Andi Kleen
2007-11-28 19:20 ` Andi Kleen
2007-11-28 19:52   ` Alan Cox
2007-11-28 20:05     ` Valdis.Kletnieks
2007-11-29 16:39   ` tvrtko.ursulin
2007-12-01  8:43     ` Pavel Machek
2007-12-02 19:44       ` Valdis.Kletnieks
2007-12-02 20:02         ` Arjan van de Ven
2007-12-02 20:06         ` Andi Kleen
2007-12-02 20:22         ` Pavel Machek
2007-12-02 21:09           ` Valdis.Kletnieks
2007-12-02 21:56             ` Pavel Machek
2007-12-02 23:15               ` Jan Engelhardt
2007-12-02 23:23                 ` Pavel Machek
2007-11-29  0:58 ` Greg KH
2007-11-30 20:52 Crispin Cowan
2007-11-30 21:36 ` James Morris
2007-11-30 23:52   ` Crispin Cowan
2007-12-01  0:05     ` James Morris
     [not found] <9uzZr-6iz-19@gated-at.bofh.it>
     [not found] ` <9uUrm-5w3-27@gated-at.bofh.it>
     [not found]   ` <9uVGz-7uQ-19@gated-at.bofh.it>
     [not found]     ` <9uWCC-xI-13@gated-at.bofh.it>
     [not found]       ` <9uWMp-Ix-13@gated-at.bofh.it>
     [not found]         ` <9uX5A-1rs-1@gated-at.bofh.it>
     [not found]           ` <9uXyK-24f-23@gated-at.bofh.it>
2007-12-03 22:45             ` Bodo Eggert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2c0942db0711291111t16a4eb49h6b1e83ddf7bb4cf9@mail.gmail.com \
    --to=ray-lk@madrabbit.org \
    --cc=Valdis.Kletnieks@vt.edu \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=casey@schaufler-ca.com \
    --cc=hch@infradead.org \
    --cc=jonathan@jonmasters.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tvrtko.ursulin@sophos.com \
    --cc=viro@ftp.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).