Re: Out of tree module using LSM

From: Alan Cox
Date: Fri Nov 30 2007 - 08:39:40 EST

Next message: Ingo Molnar: "Re: [BUG] Strange 1-second pauses during Resume-from-RAM"
Previous message: Heiko Carstens: "Re: [PATCH] Re: [BUG] 2.6.24-rc3 x86 make depends on s390 arch"
In reply to: Valdis . Kletnieks: "Re: Out of tree module using LSM"
Next in thread: Andi Kleen: "Re: Out of tree module using LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Fortunately for all concerned, although Alan's self-modifying code is indeed a
> possibility, it's much less of an issue than the sort of malware that can be
> found with a simple "find this 27-byte sequence, which will be found in either
> block 36 or 37 of the file"

Thats a very old model of detection ;)

There is another usage case for this stuff as well - which is on the fly
indexing of material. An indexer has the same basic needs as a virus
checker (without the blocking aspect) and doesn't have to be robust
against sneaky material.

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [BUG] Strange 1-second pauses during Resume-from-RAM"
Previous message: Heiko Carstens: "Re: [PATCH] Re: [BUG] 2.6.24-rc3 x86 make depends on s390 arch"
In reply to: Valdis . Kletnieks: "Re: Out of tree module using LSM"
Next in thread: Andi Kleen: "Re: Out of tree module using LSM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]