Re: TALPA - a threat model? well sorta.
From: 7v5w7go9ub0o
Date: Wed Aug 13 2008 - 22:26:21 EST
7v5w7go9ub0o wrote:
4. Again, my hope for libmalware.so/dazuko is a realtime
integrity-management link.
<end posts>
HTH
p.s. The question has developed, should this monitor root activities.
IMHO, the answer is a definite YES! We are most vulnerable during
software updating; AntiMalware signatures may stop the compilation or
installation of a Trojan - by root.
I just noticed a separate discussion about integrity-checking LKMs and LSMs.
Obviously, a libmalware.so or Dazuko based integrity-checker would block
a kernel from loading in a Trojaned LKM - noting that the MD5 had
changed, and asking you to block, temporarily allow, or permanently
allow the changed module.
Another security benefit of your pursuit.
HTH
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
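The integrity-checker behaviour sketched in the post (baseline hash per module, detect a change, let the operator block, temporarily allow, or permanently allow the new hash) can be shown as a small decision-logic model. The code below is an added illustration and is not part of the post, of libmalware.so, Dazuko or TALPA; it only models the verdict and policy bookkeeping, not the kernel-side hook that would actually intercept the module load. The class and method names are assumptions, the "example.ko" file is a constructed stand-in written to a temp directory, and the hash defaults to SHA-256 rather than the MD5 named in the post because MD5 collisions are practical today.

```python
import hashlib
import os
import tempfile
from typing import Dict, Set, Tuple


class ModuleIntegrityMonitor:
    """Hypothetical hash-baseline checker for kernel module files.

    Models the policy described in the post: a known-good digest per path,
    a 'changed' verdict when the file no longer matches, and three operator
    answers: block, allow once (this session only), or allow always
    (the new digest becomes the trusted baseline).
    """

    def __init__(self, algo: str = "sha256") -> None:
        # The post mentions MD5; SHA-256 is the assumed default here.
        self.algo = algo
        self.baseline: Dict[str, str] = {}
        # (path, digest) pairs accepted only until the next session.
        self.temp_allowed: Set[Tuple[str, str]] = set()

    def digest(self, path: str) -> str:
        h = hashlib.new(self.algo)
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()

    def record_baseline(self, path: str) -> str:
        """Trust the file as it is now (e.g. right after a verified install)."""
        self.baseline[path] = self.digest(path)
        return self.baseline[path]

    def check(self, path: str) -> str:
        """Verdict for a pending load: unchanged, changed, allowed, or unknown."""
        d = self.digest(path)
        known = self.baseline.get(path)
        if known is None:
            return "unknown"          # never baselined: treat as suspicious
        if d == known:
            return "unchanged"
        if (path, d) in self.temp_allowed:
            return "allowed"          # operator already accepted it this session
        return "changed"

    def decide(self, path: str, choice: str) -> str:
        """Apply the operator's answer to a 'changed' verdict."""
        d = self.digest(path)
        if choice == "allow_once":
            self.temp_allowed.add((path, d))
        elif choice == "allow_always":
            self.baseline[path] = d   # new digest becomes the trusted baseline
        elif choice != "block":
            raise ValueError(f"unknown choice: {choice}")
        return choice

    def new_session(self) -> None:
        """Temporary allowances do not survive a reboot/new session."""
        self.temp_allowed.clear()


def demo() -> list:
    """Walk through the post's scenario on a constructed module file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example.ko")   # constructed stand-in
        with open(path, "wb") as f:
            f.write(b"original module bytes")
        mon = ModuleIntegrityMonitor()
        mon.record_baseline(path)
        verdicts = [mon.check(path)]             # unchanged

        with open(path, "wb") as f:               # simulate a replaced module
            f.write(b"modified module bytes")
        verdicts.append(mon.check(path))          # changed

        mon.decide(path, "allow_once")
        verdicts.append(mon.check(path))          # allowed (this session)
        mon.new_session()
        verdicts.append(mon.check(path))          # changed again after restart

        mon.decide(path, "allow_always")
        verdicts.append(mon.check(path))          # unchanged: new baseline
        mon.new_session()
        verdicts.append(mon.check(path))          # still unchanged
        return verdicts


if __name__ == "__main__":
    print(demo())
```

The "unknown" verdict for a path with no baseline is the conservative choice: a module that was never recorded as trusted is exactly what a freshly dropped Trojaned LKM would look like, so it should be surfaced to the operator rather than silently passed.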