Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

To: Peter Dolding <oiaohm@...>

Cc: <davecb@...>, <rmeijer@...>, Alan Cox <alan@...>, <capibara@...>, Eric Paris <eparis@...>, Theodore Tso <tytso@...>, Rik van Riel <riel@...>, <linux-security-module@...>, Adrian Bunk <bunk@...>, Mihai Don??u <mdontu@...>, <linux-kernel@...>, <malware-list@...>, Pavel Machek <pavel@...>, Arjan van de Ven <arjan@...>

Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning

Date: Sunday, August 17, 2008 - 9:44 pm

On Mon, 18 Aug 2008, Peter Dolding wrote:

quoted text> On Mon, Aug 18, 2008 at 7:17 AM, David Collier-Brown <davecb@sun.com> wrote:
>> Peter Dolding wrote:
>>>
>>> Currently if we have a unknown infection on a  windows partition that
>>> is been shared by linux the scanner on Linux cannot see that the
>>> windows permissions has been screwed with.   OS with badly damaged
>>> permissions is a sign of 1 of three things.  ...
>>
>> It's more likely that the files will reside on Linux/Unix under
>> Samba, and so the permissions that Samba implements will be the ones
>> that the virus is trying to mess up.  These are implemented in
>> terms of the usual permission bits, plus extended attributes/ACLs.
>> Linux systems mounting Windows filesystems are somewhat unusual (;-))
>>
> More desktop use of Linux more cases of ntfs and fat mounted under
> Linux.  Funny enough linux mounting windows file systems is 100
> percent normal for most Ubuntu users so there are a lot of them out
> there doing it.   I am future looking there are other filesystems
> coming with there own issues as well.

but what you are missing is that when they are mounted under linux it 
doesn't matter what hidden things the other OS may access, all that 
matters is what Linux sees. If Linux doesn't see something it can't serve 
it out to those other OSs.

those 'hidden things' would only matter if you were trying to use linux 
to scan a drive and bless it for another system to then mount locally. If 
we aren't trying to defend against that (and I don't hear anyone other 
then you saying we should) then we don't need to worry about such things.

If we were trying to make the drive safe for all other OSs to mount 
directly, then mearly seeing everything isn't enough, you would have to be 
able to fully duplicate how the other OS interprets the things you are 
seeing, and know all vunerabilities that arise from all possible 
interpretations. I don't think that's possible (and I don't think it would 
be possible even if the source for all those other OSs were available)

David Lang
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Rob Meijer, (Fri Aug 15, 8:22 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Alan Cox, (Fri Aug 15, 10:18 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Fri Aug 15, 9:27 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., , (Fri Aug 15, 1:31 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Fri Aug 15, 11:57 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., David Collier-Brown, (Sun Aug 17, 5:17 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Sun Aug 17, 9:33 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., , (Sun Aug 17, 9:44 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Sun Aug 17, 10:33 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Arjan van de Ven, (Sat Aug 16, 12:09 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., , (Sat Aug 16, 1:35 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., , (Sat Aug 16, 3:27 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Sat Aug 16, 1:19 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Theodore Tso, (Sat Aug 16, 5:39 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Sat Aug 16, 7:38 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Theodore Tso, (Sat Aug 16, 11:17 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Sun Aug 17, 3:49 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., , (Sun Aug 17, 4:58 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Sun Aug 17, 8:11 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., , (Mon Aug 18, 6:54 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Mon Aug 18, 9:40 am)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., , (Sun Aug 17, 8:32 pm)

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfac..., Peter Dolding, (Sun Aug 17, 9:20 pm)


linux-kernel:
Andrew Morton	-mm merge plans for 2.6.23
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Gabriel C	Re: [Announce] [patch] Modular Scheduler Core and Completely Fair Scheduler [CFS]
git:

linux-netdev:
Gerrit Renker	[PATCH 03/37] dccp: List management for new feature negotiation
David Miller	[GIT]: Networking
Thomas Jarosch	Re: TCP connection stalls under 2.6.24.7
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
openbsd-misc:

Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning

Online users