Re: request for comment: generic kernel interface for malware vendors

From: Bodo Eggert
Date: Wed Jul 23 2008 - 08:40:10 EST


Rafael C. de Almeida <almeidaraf@xxxxxxxxx> wrote:
> Eric Paris wrote:

>> [Kernel support for malware scanners]

> I'm a newbie here, so don't take me too seriously. But I don't see why
> that needs a kernel interface, at least from the example on the
> Documentation directory (patch 9). Seems to me you could just use file
> permission to deny or allow the access for a certain file. The only
> thing that would be a little trickier from user-space is to know when a
> given file is read. So, talpa should do only that or you could take
> advantage of preload like trickle does for bandwidth shaping.

How do you ensure that the LD_PRELOAD variable stays intact and will be
honored by all applications - including that commercial one supplying its
own libc, by suid-binaries and by programs written in a non-libc-language?

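An added example, not part of the original message: a small audit helper that reports why an LD_PRELOAD-based file-access hook would not cover a given program, for two of the cases raised in the reply above (statically linked binaries, which never run the dynamic loader, and setuid/setgid binaries, for which the loader restricts LD_PRELOAD in secure-execution mode). The function names and the `make_elf` sample builder are hypothetical; it handles 64-bit little-endian ELF only, and it cannot detect a dynamically linked program that ships its own libc or issues system calls directly.

```python
import os
import stat
import struct
import sys

PT_INTERP = 3  # program header type naming the dynamic loader


def has_interp(elf: bytes) -> bool:
    """True if the ELF64 image is started through a dynamic loader."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from("<I", elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return True
    return False


def preload_gaps(elf: bytes, mode: int) -> list:
    """Reasons an LD_PRELOAD hook would miss this program's file access."""
    gaps = []
    if not has_interp(elf):
        gaps.append("static: no dynamic loader, LD_PRELOAD is never read")
    if mode & (stat.S_ISUID | stat.S_ISGID):
        gaps.append("setuid/setgid: loader runs in secure-execution mode")
    return gaps


def make_elf(ptypes) -> bytes:
    """Constructed sample: minimal ELF64 header plus empty program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                              64, 56, len(ptypes), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                     for t in ptypes)
    return hdr + phdrs


if __name__ == "__main__":
    # Usage: python3 preload_gaps.py /bin/* /usr/bin/*
    for path in sys.argv[1:]:
        try:
            with open(path, "rb") as f:
                gaps = preload_gaps(f.read(), os.stat(path).st_mode)
        except (OSError, ValueError, struct.error):
            continue  # unreadable, or not an ELF64 little-endian file
        for gap in gaps:
            print(f"{path}: {gap}")
```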