From: Pavel Machek <pavel@ucw.cz>
To: Valdis.Kletnieks@vt.edu
Cc: tvrtko.ursulin@sophos.com, Andi Kleen <andi@firstfloor.org>,
ak@suse.de, linux-kernel@vger.kernel.org
Subject: Re: Out of tree module using LSM
Date: Sun, 2 Dec 2007 21:22:40 +0100 [thread overview]
Message-ID: <20071202202240.GB1625@elf.ucw.cz> (raw)
In-Reply-To: <17957.1196624688@turing-police.cc.vt.edu>
Hi!
> > So what you are trying to do is 'application may never read bad
> > sequence of bits from disk', right?
>
> No, in many of the use cases, we're trying to do "if application reads certain
> specified sequences of bits from disk we know about it", which is subtly
> different. Often, *absolute* prevention isn't required, as long as we can
> generate audit trails and/or alerts...
>
> > Now, how do you propose to solve mmap(MAP_SHARED)? The app on the other CPU may
> > see the bad bits before the kernel has a chance to see them.
>
> For many usage cases (such as virus scanners), mmap() isn't really an issue,
> because if another process is *already* trying to mmap() the file before it's
> even finished downloading from the network interface, you have other
> problems.
Well, if you only want to detect viruses _sometimes_, you can just
LD_PRELOAD your scanner.
I guess the A/V people should describe what they are trying to do, as in
"forbidden sequences of bits should never hit disk" or "forbidden
sequences of bits should never be read from disk" or something...
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
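The mmap(MAP_SHARED) case raised in the quoted exchange above, as an added example that is not from the thread or from any of the posters: two processes share one file-backed page, one stores a marker into it with plain memory writes, and the other observes the bytes through its own mapping. Neither side calls read(2) or write(2) on the file, so a scanner hooked on those syscalls (or on the corresponding LSM file_permission checks) gets no event at the moment the bytes become visible. The temp-file path, the function name and the marker string are assumptions made for this demonstration.

```c
/*
 * Added example (not from the thread): shows why a scanner hooked on
 * read(2)/write(2) cannot see bytes exchanged through a MAP_SHARED mapping.
 * The child stores a marker directly into the shared page; the parent
 * observes it through its own mapping without either side calling
 * read() or write() on the file.  Names and the marker are assumptions.
 */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample payload standing in for a "forbidden sequence of bits". */
#define MARKER "X-MARKER-constructed-forbidden-bytes"

/* Returns 1 if the parent saw MARKER through its mapping (and the bytes
 * are really in the file), 0 if not, -1 on a setup error. */
int shared_map_bypass_demo(void)
{
    char path[] = "/tmp/lsm-mmap-demo-XXXXXX";   /* assumed writable temp dir */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                      /* file lives only as long as fd/mapping */

    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    if (ftruncate(fd, (off_t)len) < 0) { close(fd); return -1; }

    /* One MAP_SHARED mapping set up before fork(); both processes keep it. */
    char *map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (map == MAP_FAILED) { close(fd); return -1; }

    int sync[2];                       /* pipe used only to order the two steps */
    if (pipe(sync) < 0) { munmap(map, len); close(fd); return -1; }

    pid_t pid = fork();
    if (pid < 0) { munmap(map, len); close(fd); return -1; }

    if (pid == 0) {
        /* Child: plain stores into the shared page. No write(2) on fd here. */
        memcpy(map, MARKER, sizeof MARKER);
        close(sync[0]);
        if (write(sync[1], "x", 1) != 1) _exit(2);   /* "bytes are in place" */
        _exit(0);
    }

    /* Parent: wait for the child's signal, then look at the page directly. */
    close(sync[1]);
    char c;
    if (read(sync[0], &c, 1) != 1) {
        waitpid(pid, NULL, 0); munmap(map, len); close(fd); return -1;
    }
    close(sync[0]);
    waitpid(pid, NULL, 0);

    /* This is the "other CPU" view from the thread: the bytes are already
     * visible without any file read having happened. */
    int seen = memcmp(map, MARKER, sizeof MARKER) == 0;

    /* Cross-check after the fact: the same bytes are in the file's page
     * cache, i.e. on "disk" as far as the filesystem is concerned. */
    char buf[sizeof MARKER];
    int infile = pread(fd, buf, sizeof buf, 0) == (ssize_t)sizeof buf &&
                 memcmp(buf, MARKER, sizeof MARKER) == 0;

    munmap(map, len);
    close(fd);
    return (seen && infile) ? 1 : 0;
}

int main(void)
{
    int r = shared_map_bypass_demo();
    printf("marker observed via MAP_SHARED without read(2): %s\n",
           r == 1 ? "yes" : (r == 0 ? "no" : "setup error"));
    return r == 1 ? 0 : 1;
}
```

The point for an "alert, don't block" design is that the only interception points that exist for this path are mmap(2) itself (before any bytes are known) and page-fault or writeback time (after they are already visible to every process sharing the page), which is why the thread keeps coming back to what the A/V people actually need to guarantee.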