linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Ray Lee" <ray-lk@madrabbit.org>
To: "Greg KH" <greg@kroah.com>
Cc: "Jan Engelhardt" <jengelh@computergmbh.de>,
	"Jon Masters" <jonathan@jonmasters.org>,
	Valdis.Kletnieks@vt.edu, "Christoph Hellwig" <hch@infradead.org>,
	"Al Viro" <viro@ftp.linux.org.uk>,
	"Casey Schaufler" <casey@schaufler-ca.com>,
	"Tvrtko A. Ursulin" <tvrtko.ursulin@sophos.com>,
	linux-kernel@vger.kernel.org
Subject: Re: Out of tree module using LSM
Date: Thu, 29 Nov 2007 09:35:56 -0800	[thread overview]
Message-ID: <2c0942db0711290935l56d28b70v2b35dfb1663e4d2b@mail.gmail.com> (raw)
In-Reply-To: <20071129170326.GA10024@kroah.com>

On Nov 29, 2007 9:03 AM, Greg KH <greg@kroah.com> wrote:
> On Thu, Nov 29, 2007 at 05:53:33PM +0100, Jan Engelhardt wrote:
> >
> > On Nov 29 2007 08:47, Greg KH wrote:
> > >On Thu, Nov 29, 2007 at 11:36:12AM -0500, Jon Masters wrote:
> > >> On Wed, 2007-11-28 at 17:07 -0800, Greg KH wrote:
> > >>
> > >> > The easiest way is as Al described above, just have the userspace
> > >> > program that wrote the file to disk, check it then.
> > >>
> > >> But the problem is that this isn't just Samba, this is a countless
> > >> myriad of different applications. And if one of them doesn't support
> > >> on-access scanning, then the whole solution isn't worth using.
> > >
> > >Ok, which specific applications do they care about?  Last time I asked
> > >it was still limited to a very small handful, all of which would be
> > >trivial to add such a hook to.
> > >
> > Well, think bash, syscalls. While you can add a plugin to samba "easily",
> > it seems overkill to do the same for rm, mv, cp, bash.
>
> Again, these are not things that these companies care about.

Perhaps if you looked at this outside of a file-server scenario, the
problem would be clearer? Anti-malware companies want to check
anything written to disk on a system, either at write time or blocking
the open/mmap. That means proactively protecting email programs with
known vulnerabilities that have yet to be patched, web browsers
writing and reading their caches, an Apache instance running WebDAV,
the list goes on. And these are on desktop systems, with no attached
file/network server.

Yes, each and every one of these programs could have a malware
scanning engine slapped inside of them. But that proves what? That's
like saying each an every program on a system should have the SELinux
policies built into them, and yet we have that in-kernel instead.

  reply	other threads:[~2007-11-29 17:36 UTC|newest]

Thread overview: 73+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-11-28 12:42 Out of tree module using LSM Tvrtko A. Ursulin
2007-11-28 14:41 ` Christoph Hellwig
2007-11-28 16:38   ` Casey Schaufler
2007-11-28 16:46     ` Christoph Hellwig
2007-11-28 17:39       ` Stephen Hemminger
2007-11-28 18:22         ` tvrtko.ursulin
2007-11-28 19:50           ` Alan Cox
2007-11-29 16:12             ` tvrtko.ursulin
2007-11-29  0:12           ` James Morris
2007-11-29 16:27             ` Jon Masters
2007-11-29 16:51               ` Greg KH
2007-11-29 16:51               ` Stephen Hemminger
2007-11-29 16:52               ` Jan Engelhardt
2007-11-29  0:51           ` Jan Engelhardt
2007-11-29  1:45             ` Casey Schaufler
2007-11-28 18:15       ` Valdis.Kletnieks
2007-11-28 18:30         ` Al Viro
2007-11-29  0:38           ` Greg KH
2007-11-29  0:53             ` Jan Engelhardt
2007-11-29  1:07               ` Greg KH
2007-11-29 16:36                 ` Jon Masters
2007-11-29 16:47                   ` Greg KH
2007-11-29 16:53                     ` Jan Engelhardt
2007-11-29 16:57                       ` Christoph Hellwig
2007-11-29 17:27                         ` Alan Cox
2007-11-29 22:58                           ` Andi Kleen
2007-12-08 10:50                             ` Pavel Machek
2007-11-29 17:03                       ` Greg KH
2007-11-29 17:35                         ` Ray Lee [this message]
2007-11-29 17:45                           ` Greg KH
2007-11-29 18:03                             ` Ray Lee
2007-11-29 18:19                               ` Justin Banks
2007-11-29 18:38                                 ` Jon Masters
2007-11-29 17:51                           ` Al Viro
2007-11-29 17:05                     ` Jon Masters
2007-11-29 17:14                       ` Greg KH
2007-11-29 16:26           ` tvrtko.ursulin
2007-11-29 17:36             ` Alan Cox
2007-11-29 18:40               ` Ray Lee
2007-11-29 18:56                 ` Jon Masters
2007-11-29 19:11                   ` Ray Lee
2007-11-29 19:45                     ` Jon Masters
2007-11-29 20:56                       ` Valdis.Kletnieks
2007-11-29 22:08                         ` Al Viro
2007-11-30  0:50                           ` James Morris
2007-11-29 23:31                         ` Jon Masters
2007-11-29 21:45                       ` Alan Cox
2007-11-29 22:12                         ` Justin Banks
2007-11-30  1:48                           ` Al Viro
2007-11-30 15:37                             ` Justin Banks
2007-11-29 23:34                         ` Jon Masters
2007-11-30  6:20                           ` Valdis.Kletnieks
2007-11-30 13:30                             ` Alan Cox
2007-11-29 21:09               ` Andi Kleen
2007-11-28 19:20 ` Andi Kleen
2007-11-28 19:52   ` Alan Cox
2007-11-28 20:05     ` Valdis.Kletnieks
2007-11-29 16:39   ` tvrtko.ursulin
2007-12-01  8:43     ` Pavel Machek
2007-12-02 19:44       ` Valdis.Kletnieks
2007-12-02 20:02         ` Arjan van de Ven
2007-12-02 20:06         ` Andi Kleen
2007-12-02 20:22         ` Pavel Machek
2007-12-02 21:09           ` Valdis.Kletnieks
2007-12-02 21:56             ` Pavel Machek
2007-12-02 23:15               ` Jan Engelhardt
2007-12-02 23:23                 ` Pavel Machek
2007-11-29  0:58 ` Greg KH
2007-11-30 20:52 Crispin Cowan
2007-11-30 21:36 ` James Morris
2007-11-30 23:52   ` Crispin Cowan
2007-12-01  0:05     ` James Morris
     [not found] <9uzZr-6iz-19@gated-at.bofh.it>
     [not found] ` <9uUrm-5w3-27@gated-at.bofh.it>
     [not found]   ` <9uVGz-7uQ-19@gated-at.bofh.it>
     [not found]     ` <9uWCC-xI-13@gated-at.bofh.it>
     [not found]       ` <9uWMp-Ix-13@gated-at.bofh.it>
     [not found]         ` <9uX5A-1rs-1@gated-at.bofh.it>
     [not found]           ` <9uXyK-24f-23@gated-at.bofh.it>
2007-12-03 22:45             ` Bodo Eggert

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2c0942db0711290935l56d28b70v2b35dfb1663e4d2b@mail.gmail.com \
    --to=ray-lk@madrabbit.org \
    --cc=Valdis.Kletnieks@vt.edu \
    --cc=casey@schaufler-ca.com \
    --cc=greg@kroah.com \
    --cc=hch@infradead.org \
    --cc=jengelh@computergmbh.de \
    --cc=jonathan@jonmasters.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tvrtko.ursulin@sophos.com \
    --cc=viro@ftp.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).