RE: [malware-list] TALPA - a threat model? well sorta.

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Press, Jonathan

Subject: RE: [malware-list] TALPA - a threat model? well sorta.

Date: Friday, August 15, 2008 - 10:40 am

> -----Original Message-----
quoted text> From: david@lang.hm [mailto:david@lang.hm]
> Sent: Friday, August 15, 2008 1:33 PM
> To: Press, Jonathan
> Cc: Peter Zijlstra; Helge Hafting; linux-kernel@vger.kernel.org;
malware-
quoted text> list@lists.printk.net; hch@infradead.org; andi@firstfloor.org;
> viro@ZenIV.linux.org.uk; alan@lxorguk.ukuu.org.uk; Arjan van de Ven
> Subject: RE: [malware-list] TALPA - a threat model? well sorta.
> 
> On Fri, 15 Aug 2008, Press, Jonathan wrote:
> 
> >> -----Original Message-----
> >> From: david@lang.hm [mailto:david@lang.hm]
> >>> The problem is that you have to account for the cases where the
malware
quoted text> >>> made it onto the system even if you were trying to catch it ahead
of
quoted text> >>> time.  For example:
> >>>
> >>> - Administrator turns off or reduces AV protection for some reason
for
quoted text> >>> some period of time.  It happens all the time.
> >>
> >> according to the threat model actions of the administrator do not
matter.
quoted text> >
> > Sorry, I don't know what you mean.
> 
> the threat model that was posted two days ago in the initial message
of
quoted text> this thread specificly stated that actions of root are not something
that
quoted text> this is trying to defend against.

I think you may have missed the point of any such statement.

Just to clarify...

The model does not exclude root-owned processes from the notification
and scanning sequence.  If root attempts to execute a file, that file
would be scanned before the execution is allowed.  If a root-owned
process attempts to open a file, that access would be blocked until the
file is scanned.  If a root-owned process closes a file that has been
written to, that file would be scanned.

In addition, to generalize from the incorrect idea that the actions of
root are not being defended against to the idea that the possible
impacts of an administrator's actions in configuring an application
should not be accounted for at all in our thinking doesn't make sense to
me anyway.

Jon Press

--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 9:24 am)

TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 9:36 am)

Re: TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 9:37 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 9:47 am)

Re: TALPA - a threat model? well sorta., Greg KH, (Wed Aug 13, 9:57 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 10:00 am)

Re: TALPA - a threat model? well sorta., Christoph Hellwig, (Wed Aug 13, 10:07 am)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Wed Aug 13, 10:39 am)

Re: TALPA - a threat model? well sorta., Theodore Tso, (Wed Aug 13, 11:15 am)

Re: TALPA - a threat model? well sorta., Andi Kleen, (Wed Aug 13, 11:17 am)

Re: TALPA - a threat model? well sorta., H. Peter Anvin, (Wed Aug 13, 11:21 am)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Wed Aug 13, 11:21 am)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Wed Aug 13, 11:24 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 11:40 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 11:57 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Wed Aug 13, 12:02 pm)

Re: TALPA - a threat model? well sorta., Theodore Tso, (Wed Aug 13, 12:29 pm)

Re: TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 12:59 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 2:13 pm)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Wed Aug 13, 2:15 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Alan Cox, (Wed Aug 13, 2:23 pm)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Wed Aug 13, 2:24 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Rik van Riel, (Wed Aug 13, 2:35 pm)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Wed Aug 13, 2:39 pm)

Re: TALPA - a threat model? well sorta., 7v5w7go9ub0o, (Wed Aug 13, 5:14 pm)

Re: TALPA - a threat model? well sorta., Mihai , (Wed Aug 13, 5:18 pm)

Re: TALPA - a threat model? well sorta., 7v5w7go9ub0o, (Wed Aug 13, 7:25 pm)

Re: TALPA - a threat model? well sorta., tvrtko.ursulin, (Thu Aug 14, 2:18 am)

Re: [malware-list] TALPA - a threat model? well sorta., tvrtko.ursulin, (Thu Aug 14, 2:30 am)

Re: [malware-list] TALPA - a threat model? well sorta., tvrtko.ursulin, (Thu Aug 14, 2:46 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Thu Aug 14, 4:58 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Thu Aug 14, 5:03 am)

RE: [malware-list] TALPA - a threat model? well sorta., tvrtko.ursulin, (Thu Aug 14, 5:27 am)

Re: [malware-list] TALPA - a threat model? well sorta., Mihai , (Thu Aug 14, 5:34 am)

Re: TALPA - a threat model? well sorta., Arnd Bergmann, (Thu Aug 14, 6:00 am)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 6:24 am)

Re: [malware-list] TALPA - a threat model? well sorta., Arjan van de Ven, (Thu Aug 14, 6:46 am)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 6:48 am)

Re: TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 7:12 am)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 8:50 am)

Re: TALPA - a threat model? well sorta., Arjan van de Ven, (Thu Aug 14, 8:57 am)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 10:29 am)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 12:17 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 12:20 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Christoph Hellwig, (Thu Aug 14, 12:34 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 12:41 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Christoph Hellwig, (Thu Aug 14, 1:20 pm)

Re: [malware-list] TALPA - a threat model? well sorta., J. Bruce Fields, (Thu Aug 14, 2:21 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 4:34 pm)

Re: TALPA - a threat model? well sorta., david, (Thu Aug 14, 6:31 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 6:37 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 6:44 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Thu Aug 14, 7:04 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Thu Aug 14, 8:25 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Arjan van de Ven, (Thu Aug 14, 8:41 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 9:48 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 10:05 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Johannes Weiner, (Thu Aug 14, 10:12 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 10:28 pm)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Thu Aug 14, 10:36 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Alan Cox, (Fri Aug 15, 1:51 am)

Re: TALPA - a threat model? well sorta., Helge Hafting, (Fri Aug 15, 3:07 am)

Re: TALPA - a threat model? well sorta., Peter Zijlstra, (Fri Aug 15, 3:37 am)

Re: TALPA - a threat model? well sorta., tvrtko.ursulin, (Fri Aug 15, 3:44 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 6:10 am)

Re: [malware-list] TALPA - a threat model? well sorta., douglas.leeder, (Fri Aug 15, 6:18 am)

Re: [malware-list] TALPA - a threat model? well sorta., Pavel Machek, (Fri Aug 15, 7:31 am)

Re: [malware-list] TALPA - a threat model? well sorta., Pavel Machek, (Fri Aug 15, 7:37 am)

Re: TALPA - a threat model? well sorta., Pavel Machek, (Fri Aug 15, 9:06 am)

RE: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 9:25 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 9:30 am)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Fri Aug 15, 10:04 am)

RE: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 10:33 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 10:40 am)

RE: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 10:47 am)

Re: [malware-list] TALPA - a threat model? well sorta., Valdis.Kletnieks, (Fri Aug 15, 11:06 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 11:09 am)

RE: [malware-list] TALPA - a threat model? well sorta., Press, Jonathan, (Fri Aug 15, 11:17 am)

Re: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 1:05 pm)

RE: [malware-list] TALPA - a threat model? well sorta., david, (Fri Aug 15, 1:08 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Jan Harkes, (Fri Aug 15, 1:16 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Theodore Tso, (Fri Aug 15, 1:17 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Arjan van de Ven, (Fri Aug 15, 3:05 pm)

Re: [malware-list] TALPA - a threat model? well sorta., David Collier-Brown, (Sun Aug 17, 2:11 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Eric Paris, (Sun Aug 17, 4:19 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Arjan van de Ven, (Sun Aug 17, 4:26 pm)

Re: [malware-list] TALPA - a threat model? well sorta., Helge Hafting, (Mon Aug 18, 3:02 am)

Re: [malware-list] TALPA - a threat model? well sorta., Helge Hafting, (Mon Aug 18, 3:09 am)

Re: [malware-list] TALPA - a threat model? well sorta., Peter Zijlstra, (Mon Aug 18, 3:14 am)

Re: [malware-list] TALPA - a threat model? well sorta., tvrtko.ursulin, (Mon Aug 18, 3:24 am)

Re: [malware-list] TALPA - a threat model? well sorta., douglas.leeder, (Mon Aug 18, 3:25 am)

Re: TALPA - a threat model? well sorta., david, (Mon Aug 18, 5:21 am)

Re: TALPA - a threat model? well sorta., Pavel Machek, (Mon Aug 18, 6:30 am)

Re: [malware-list] TALPA - a threat model? well sorta., Alan Cox, (Mon Aug 18, 8:33 am)

Re: [malware-list] TALPA - a threat model? well sorta., Rik van Riel, (Mon Aug 18, 9:43 am)

Re: TALPA - a threat model? well sorta., david, (Mon Aug 18, 5:03 pm)

Re: [malware-list] TALPA - a threat model? well sorta., J. Bruce Fields, (Tue Aug 19, 2:43 pm)

Navigation

Popular discussions


linux-kernel:
Ingo Molnar	Re: [patch] e1000=y && e1000e=m regression fix
Greg Kroah-Hartman	[PATCH 20/36] Driver core: Call device_pm_add() after bus_add_device() in device_a...
Boaz Harrosh	how to use KBUILD_EXTRA_SYMBOLS
Brandeburg, Jesse	RE: [regression] e1000e broke e1000 (was: Re: [ANNOUNCE] e1000 toe1000e migration ...
Pekka Enberg	Re: [PATCH] include/linux/slab.h: new KFREE() macro.
git:
Bill Lear	cpio command not found
Jing Xue	Re: git rm --cached
Fredrik Kuivinen	Re: fatal: unable to create '.git/index': File exists
Johannes Schindelin	Re: [PATCH 1/3 v2] Implement the patience diff algorithm
Johannes Sixt	Re: How to pull remote branch with specified commit id?
linux-netdev:
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Oliver Neukum	Re: [RFC] Patch to option HSO driver to the kernel
Paulius Zaleckas	Re: [RFC] Patch to option HSO driver to the kernel
Timo Teräs	ip xfrm policy semantics
Ron Mercer	[net-next PATCH 2/2] qlge: Version change to v1.00.00.27
openbsd-misc:
Tomas Bodzar	Re: OpenSMTPd actual development and integration
Netmaffia.hu	Tini Lányok AKCIÓBAN OTTHON
Bryan Irvine	Re: DVD burn error: No space left on device
Sevan / Venture37	Re: This is what Linus Torvalds calls openBSD crowd
Siju George	This is what Linus Torvalds calls openBSD crowd
git-commits-head:
Linux Kernel Mailing List	powerpc/fsl_msi: enable msi allocation in all banks
Linux Kernel Mailing List	[ARM] mmp: avengers lite (pxa168) board bring up
Linux Kernel Mailing List	via82cxxx: add support for VT6415 PCIE PATA IDE Host Controller
Linux Kernel Mailing List	checkpatch: warn on declaration with storage class not at the beginning
Linux Kernel Mailing List	USB: remove duplicate entry in Option driver and Pl2303 driver for Huawei modem

Colocation donated by:

Syndicate