From: "Peter Dolding" <oiaohm@gmail.com>
To: davecb@sun.com
Cc: david@lang.hm, rmeijer@xs4all.nl,
"Alan Cox" <alan@lxorguk.ukuu.org.uk>,
capibara@xs4all.nl, "Eric Paris" <eparis@redhat.com>,
"Theodore Tso" <tytso@mit.edu>, "Rik van Riel" <riel@redhat.com>,
linux-security-module@vger.kernel.org,
"Adrian Bunk" <bunk@kernel.org>,
"Mihai Don??u" <mdontu@bitdefender.com>,
linux-kernel@vger.kernel.org, malware-list@lists.printk.net,
"Pavel Machek" <pavel@suse.cz>,
"Arjan van de Ven" <arjan@infradead.org>
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning
Date: Mon, 18 Aug 2008 11:33:50 +1000 [thread overview]
Message-ID: <e7d8f83e0808171833j3aeda564j43ea4262ec2cea57@mail.gmail.com> (raw)
In-Reply-To: <48A89551.9050107@sun.com>
On Mon, Aug 18, 2008 at 7:17 AM, David Collier-Brown <davecb@sun.com> wrote:
> Peter Dolding wrote:
>>
>> Currently if we have a unknown infection on a windows partition that
>> is been shared by linux the scanner on Linux cannot see that the
>> windows permissions has been screwed with. OS with badly damaged
>> permissions is a sign of 1 of three things. ...
>
> It's more likely that the files will reside on Linux/Unix under
> Samba, and so the permissions that Samba implements will be the ones
> that the virus is trying to mess up. These are implemented in
> terms of the usual permission bits, plus extended attributes/ACLs.
> Linux systems mounting Windows filesystems are somewhat unusual (;-))
>
More desktop use of Linux more cases of ntfs and fat mounted under
Linux. Funny enough linux mounting windows file systems is 100
percent normal for most Ubuntu users so there are a lot of them out
there doing it. I am future looking there are other filesystems
coming with there own issues as well.
Same issue with samba no common store for extra permissions exist so
on file systems that don't support there permissions storage it goes
back into there tdb storage.
Basically scanning everything to detect issues currently nicely
complex. We have a huge permissions mess. Some permissions are
processed by the file system drivers. Some are processed by vfs then
others processed and stored by individual applications. So no where
in Linux can you see all the permissions being applied to a single
file to be sure there is not a secuirty risk somewhere. Samba or
equal allowing access to remove a virus signature from the black list
or added something that should not be allowed to the white list would
be major problems.
Posix has not helped US here at all. No where in posix does it
provide anything to clean up this mess. Does solarias have a solution
I know BSD and Linux does not. I think all posix OS's have a mess in
this section.
Peter Dolding
next prev parent reply other threads:[~2008-08-18 1:34 UTC|newest]
Thread overview: 65+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-15 12:22 [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning Rob Meijer
2008-08-15 13:27 ` Peter Dolding
2008-08-15 17:31 ` david
2008-08-16 3:57 ` Peter Dolding
2008-08-16 4:09 ` Arjan van de Ven
2008-08-16 5:19 ` Peter Dolding
2008-08-16 9:39 ` Theodore Tso
2008-08-16 11:38 ` Peter Dolding
2008-08-16 15:17 ` Theodore Tso
2008-08-17 7:49 ` Peter Dolding
2008-08-17 8:58 ` david
2008-08-18 0:11 ` Peter Dolding
2008-08-18 0:32 ` david
2008-08-18 1:20 ` Peter Dolding
2008-08-18 10:54 ` douglas.leeder
2008-08-18 13:40 ` Peter Dolding
2008-08-16 5:35 ` Valdis.Kletnieks
2008-08-16 7:27 ` david
[not found] ` <alpine.DEB.1.10.0808152115210.12859@asgard.lang.hm>
2008-08-16 9:28 ` Alan Cox
2008-08-16 10:14 ` david
2008-08-17 21:17 ` David Collier-Brown
2008-08-18 1:33 ` Peter Dolding [this message]
2008-08-18 1:44 ` david
2008-08-18 2:33 ` Peter Dolding
2008-08-15 14:18 ` Alan Cox
-- strict thread matches above, loose matches on Subject: below --
2008-08-17 10:33 Rob Meijer
2008-08-17 10:46 ` david
2008-08-17 21:58 ` Pavel Machek
2008-08-17 22:30 ` david
2008-08-15 10:10 Rob Meijer
2008-08-15 11:02 ` Alan Cox
2008-08-13 12:56 [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Pavel Machek
2008-08-13 13:52 ` tvrtko.ursulin
2008-08-14 12:54 ` Pavel Machek
2008-08-14 18:37 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-14 22:39 ` Pavel Machek
2008-08-15 0:00 ` Rik van Riel
2008-08-15 0:43 ` Theodore Tso
2008-08-15 1:02 ` Rik van Riel
2008-08-15 3:00 ` Eric Paris
2008-08-15 5:22 ` david
2008-08-15 5:33 ` david
2008-08-15 5:38 ` david
2008-08-17 22:14 ` Pavel Machek
2008-08-17 22:12 ` Pavel Machek
2008-08-17 22:47 ` david
2008-08-17 22:58 ` Pavel Machek
2008-08-17 23:24 ` david
2008-08-18 0:00 ` Casey Schaufler
2008-08-18 0:17 ` david
2008-08-18 0:31 ` Peter Dolding
2008-08-18 0:39 ` david
2008-08-18 0:42 ` Casey Schaufler
2008-08-18 0:07 ` Rik van Riel
2008-08-19 10:41 ` Pavel Machek
2008-08-15 8:35 ` Alan Cox
2008-08-15 11:35 ` Theodore Tso
2008-08-17 22:10 ` Pavel Machek
2008-08-06 0:51 [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Rik van Riel
2008-08-06 12:10 ` Press, Jonathan
2008-08-06 15:08 ` Theodore Tso
2008-08-06 15:33 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-06 15:46 ` Rik van Riel
2008-08-06 16:12 ` tvrtko.ursulin
2008-08-06 16:25 ` Rik van Riel
2008-08-06 18:06 ` Eric Paris
2008-08-05 17:38 [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon " Arjan van de Ven
2008-08-05 18:04 ` Press, Jonathan
2008-08-05 18:11 ` Greg KH
2008-08-05 18:38 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Press, Jonathan
2008-08-05 18:54 ` Theodore Tso
2008-08-05 20:37 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-05 21:14 ` Greg KH
2008-08-05 20:18 ` [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon " Greg KH
2008-08-05 20:28 ` [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon " Press, Jonathan
2008-08-05 20:51 ` Eric Paris
2008-08-05 21:08 ` Arjan van de Ven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e7d8f83e0808171833j3aeda564j43ea4262ec2cea57@mail.gmail.com \
--to=oiaohm@gmail.com \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=arjan@infradead.org \
--cc=bunk@kernel.org \
--cc=capibara@xs4all.nl \
--cc=davecb@sun.com \
--cc=david@lang.hm \
--cc=eparis@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=malware-list@lists.printk.net \
--cc=mdontu@bitdefender.com \
--cc=pavel@suse.cz \
--cc=riel@redhat.com \
--cc=rmeijer@xs4all.nl \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).