Cc: <david@...>, <rmeijer@...>, Alan Cox <alan@...>, <capibara@...>, Eric Paris <eparis@...>, Theodore Tso <tytso@...>, Rik van Riel <riel@...>, <davecb@...>, <linux-security-module@...>, Adrian Bunk <bunk@...>, Mihai Don??u <mdontu@...>, <linux-kernel@...>, <malware-list@...>, Pavel Machek <pavel@...>
On Sat, 16 Aug 2008 13:57:50 +1000
"Peter Dolding" <oiaohm@gmail.com> wrote:
The problem TALPA is trying to solve is only part of the puzzle.
Everyone recognizes that. It's a very relevant part of the puzzle (in
corporate context at least), but it's very much so not a complete
puzzle. Does that mean we shouldn't deal with this just because it's
incomplete? Absolutely not!
(nor should we do something that has no value.. but that's not the case;
the model that Erik described is quite well defined as
"do not give ''bad' content to applications/exec".
There is clearly value in that (even though it's not defined what 'bad'
is other than 'program X or Y says so', but for now we have to live
with that; if it bothers you just think "clamAV").
The implementation idea (have a flag/generationnr in the inode for
'known good', block on read() and mmap(), and schedule async scans in
open or on dirty) seems to be quite solid although several details
(async queueing model for example but also the general dirty
notification system) need to be worked out.
Sadly what you're doing is throwing up smoke and just saying "it
doesn't solve world hunger as well so it's bad". Please do yourself a
favor and stop that before people totally start ignoring you.
--
If you want to reach me at my work email, use arjan@linux.intel.com
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
