login
Login
/
Register
Search
Search this site:
Forums
News
Blogs
Features
Site
Home
»
Mailing list archives
»
linux-kernel
»
2008
»
August
»
18
Re: TALPA - a threat model? well sorta.
view
thread
Previous message: [
thread
] [
date
] [
author
]
Next message: [
thread
] [
date
] [
author
]
[view in full thread]
From: Pavel Machek
Subject:
Re: TALPA - a threat model? well sorta.
Date: Monday, August 18, 2008 - 6:30 am
Hi!
quoted text
> >How does it work? Memory can still change after mmap; > >scanning at the > >mmap time is _NOT_ enough. > > > >You could do 'when app attempts to dirty memory, > >synchronously unmap > >it from all apps that have it mapped' and then do sync > >scan on > >pagefault time; but that sounds impractical. > > what is the threat you are trying to defend against? > > for some threats you are right, for others the scan at > mmap time is enough.
I don't see any threats when check at mmap time is okay. As soon as file servers use mmap, this race can bite you even in very simple 'make sure Linux fileserver does not pass on windows malwar' threat model. Pavel -- (english)
http://www.livejournal.com/~pavelmachek
(cesky, pictures)
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to
majordomo@vger.kernel.org
More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at
http://www.tux.org/lkml/
Previous message: [
thread
] [
date
] [
author
]
Next message: [
thread
] [
date
] [
author
]
Messages in current thread:
Re: TALPA - a threat model? well sorta.
, Alan Cox
, (Wed Aug 13, 9:24 am)
TALPA - a threat model? well sorta.
, Eric Paris
, (Wed Aug 13, 9:36 am)
Re: TALPA - a threat model? well sorta.
, Alan Cox
, (Wed Aug 13, 9:37 am)
Re: TALPA - a threat model? well sorta.
, Eric Paris
, (Wed Aug 13, 9:47 am)
Re: TALPA - a threat model? well sorta.
, Greg KH
, (Wed Aug 13, 9:57 am)
Re: TALPA - a threat model? well sorta.
, Eric Paris
, (Wed Aug 13, 10:00 am)
Re: TALPA - a threat model? well sorta.
, Christoph Hellwig
, (Wed Aug 13, 10:07 am)
Re: TALPA - a threat model? well sorta.
, Arjan van de Ven
, (Wed Aug 13, 10:39 am)
Re: TALPA - a threat model? well sorta.
, Theodore Tso
, (Wed Aug 13, 11:15 am)
Re: TALPA - a threat model? well sorta.
, Andi Kleen
, (Wed Aug 13, 11:17 am)
Re: TALPA - a threat model? well sorta.
, H. Peter Anvin
, (Wed Aug 13, 11:21 am)
Re: TALPA - a threat model? well sorta.
, Arjan van de Ven
, (Wed Aug 13, 11:21 am)
Re: TALPA - a threat model? well sorta.
, Arjan van de Ven
, (Wed Aug 13, 11:24 am)
Re: TALPA - a threat model? well sorta.
, Eric Paris
, (Wed Aug 13, 11:40 am)
Re: TALPA - a threat model? well sorta.
, Eric Paris
, (Wed Aug 13, 11:57 am)
Re: TALPA - a threat model? well sorta.
, Eric Paris
, (Wed Aug 13, 12:02 pm)
Re: TALPA - a threat model? well sorta.
, Theodore Tso
, (Wed Aug 13, 12:29 pm)
Re: TALPA - a threat model? well sorta.
, Alan Cox
, (Wed Aug 13, 12:59 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Alan Cox
, (Wed Aug 13, 2:13 pm)
RE: [malware-list] TALPA - a threat model? well sorta.
, Press, Jonathan
, (Wed Aug 13, 2:15 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Alan Cox
, (Wed Aug 13, 2:23 pm)
RE: [malware-list] TALPA - a threat model? well sorta.
, Press, Jonathan
, (Wed Aug 13, 2:24 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Rik van Riel
, (Wed Aug 13, 2:35 pm)
Re: TALPA - a threat model? well sorta.
, Arjan van de Ven
, (Wed Aug 13, 2:39 pm)
Re: TALPA - a threat model? well sorta.
, 7v5w7go9ub0o
, (Wed Aug 13, 5:14 pm)
Re: TALPA - a threat model? well sorta.
, Mihai
, (Wed Aug 13, 5:18 pm)
Re: TALPA - a threat model? well sorta.
, 7v5w7go9ub0o
, (Wed Aug 13, 7:25 pm)
Re: TALPA - a threat model? well sorta.
, tvrtko.ursulin
, (Thu Aug 14, 2:18 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, tvrtko.ursulin
, (Thu Aug 14, 2:30 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, tvrtko.ursulin
, (Thu Aug 14, 2:46 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, Press, Jonathan
, (Thu Aug 14, 4:58 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, Press, Jonathan
, (Thu Aug 14, 5:03 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, tvrtko.ursulin
, (Thu Aug 14, 5:27 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Mihai
, (Thu Aug 14, 5:34 am)
Re: TALPA - a threat model? well sorta.
, Arnd Bergmann
, (Thu Aug 14, 6:00 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Theodore Tso
, (Thu Aug 14, 6:24 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Arjan van de Ven
, (Thu Aug 14, 6:46 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Eric Paris
, (Thu Aug 14, 6:48 am)
Re: TALPA - a threat model? well sorta.
, Eric Paris
, (Thu Aug 14, 7:12 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Theodore Tso
, (Thu Aug 14, 8:50 am)
Re: TALPA - a threat model? well sorta.
, Arjan van de Ven
, (Thu Aug 14, 8:57 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Eric Paris
, (Thu Aug 14, 10:29 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Theodore Tso
, (Thu Aug 14, 12:17 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Eric Paris
, (Thu Aug 14, 12:20 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Christoph Hellwig
, (Thu Aug 14, 12:34 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Theodore Tso
, (Thu Aug 14, 12:41 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Christoph Hellwig
, (Thu Aug 14, 1:20 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, J. Bruce Fields
, (Thu Aug 14, 2:21 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Theodore Tso
, (Thu Aug 14, 4:34 pm)
Re: TALPA - a threat model? well sorta.
, david
, (Thu Aug 14, 6:31 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, david
, (Thu Aug 14, 6:37 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, david
, (Thu Aug 14, 6:44 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Theodore Tso
, (Thu Aug 14, 7:04 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Eric Paris
, (Thu Aug 14, 8:25 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Arjan van de Ven
, (Thu Aug 14, 8:41 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, david
, (Thu Aug 14, 9:48 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, david
, (Thu Aug 14, 10:05 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Johannes Weiner
, (Thu Aug 14, 10:12 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, david
, (Thu Aug 14, 10:28 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, david
, (Thu Aug 14, 10:36 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Alan Cox
, (Fri Aug 15, 1:51 am)
Re: TALPA - a threat model? well sorta.
, Helge Hafting
, (Fri Aug 15, 3:07 am)
Re: TALPA - a threat model? well sorta.
, Peter Zijlstra
, (Fri Aug 15, 3:37 am)
Re: TALPA - a threat model? well sorta.
, tvrtko.ursulin
, (Fri Aug 15, 3:44 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, Press, Jonathan
, (Fri Aug 15, 6:10 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, douglas.leeder
, (Fri Aug 15, 6:18 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Pavel Machek
, (Fri Aug 15, 7:31 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Pavel Machek
, (Fri Aug 15, 7:37 am)
Re: TALPA - a threat model? well sorta.
, Pavel Machek
, (Fri Aug 15, 9:06 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, david
, (Fri Aug 15, 9:25 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, Press, Jonathan
, (Fri Aug 15, 9:30 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Theodore Tso
, (Fri Aug 15, 10:04 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, david
, (Fri Aug 15, 10:33 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, Press, Jonathan
, (Fri Aug 15, 10:40 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, david
, (Fri Aug 15, 10:47 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Valdis.Kletnieks
, (Fri Aug 15, 11:06 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, Press, Jonathan
, (Fri Aug 15, 11:09 am)
RE: [malware-list] TALPA - a threat model? well sorta.
, Press, Jonathan
, (Fri Aug 15, 11:17 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, david
, (Fri Aug 15, 1:05 pm)
RE: [malware-list] TALPA - a threat model? well sorta.
, david
, (Fri Aug 15, 1:08 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Jan Harkes
, (Fri Aug 15, 1:16 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Theodore Tso
, (Fri Aug 15, 1:17 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Arjan van de Ven
, (Fri Aug 15, 3:05 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, David Collier-Brown
, (Sun Aug 17, 2:11 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Eric Paris
, (Sun Aug 17, 4:19 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Arjan van de Ven
, (Sun Aug 17, 4:26 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, Helge Hafting
, (Mon Aug 18, 3:02 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Helge Hafting
, (Mon Aug 18, 3:09 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Peter Zijlstra
, (Mon Aug 18, 3:14 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, tvrtko.ursulin
, (Mon Aug 18, 3:24 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, douglas.leeder
, (Mon Aug 18, 3:25 am)
Re: TALPA - a threat model? well sorta.
, david
, (Mon Aug 18, 5:21 am)
Re: TALPA - a threat model? well sorta.
, Pavel Machek
, (Mon Aug 18, 6:30 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Alan Cox
, (Mon Aug 18, 8:33 am)
Re: [malware-list] TALPA - a threat model? well sorta.
, Rik van Riel
, (Mon Aug 18, 9:43 am)
Re: TALPA - a threat model? well sorta.
, david
, (Mon Aug 18, 5:03 pm)
Re: [malware-list] TALPA - a threat model? well sorta.
, J. Bruce Fields
, (Tue Aug 19, 2:43 pm)
Navigation
Mailing list archives
Recent posts
Popular discussions
linux-kernel
:
Mel Gorman
Re: [PATCH 1/4] vmstat: remove zone->lock from walk_zones_in_node
Guenter Roeck
Re: [lm-sensors] Location for thermal drivers
David Woodhouse
Re: RFC: Moving firmware blobs out of the kernel.
Siddha, Suresh B
Re: [PATCH 2.6.21 review I] [11/25] x86: default to physical mode on hotplug CPU k...
Peter Zijlstra
Re: [patch 4/6] mm: merge populate and nopage into fault (fixes nonlinear)
git-commits-head
:
Linux Kernel Mailing List
[MIPS] Fix potential latency problem due to non-atomic cpu_wait.
Linux Kernel Mailing List
USB: rename USB_SPEED_VARIABLE to USB_SPEED_WIRELESS
Linux Kernel Mailing List
lib/vsprintf.c: fix bug omitting minus sign of numbers (module_param)
Linux Kernel Mailing List
[Bluetooth] Initiate authentication during connection establishment
Linux Kernel Mailing List
[POWERPC] 4xx: Add ppc40x_defconfig
linux-netdev
:
MERCEDES
Your mail id has won 950,000.00 in the MERCEDES Benz Online Promo.for claims send:
David Miller
Re: [PATCH] xen/netfront: do not mark packets of length < MSS as GSO
David Miller
Re: skb_segment() questions
Shan Wei
[RFC PATCH net-next 2/5]IPv6:netfilter: Send an ICMPv6 "Fragment Reassembly Timeou...
Stanislaw Gruszka
[PATCH 1/4] bnx2x: use smp_mb() to keep ordering of read write operations
git
:
Nicolas Sebrecht
git-svn died of signal 11 (was "3 failures on test t9100 (svn)")
Junio C Hamano
Re: [PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
Martin Langhoff
Re: [PATCH] GIT commit statistics.
Alexandre Julliard
[PATCH] gitweb: Put back shortlog instead of graphiclog in the project list.
Josh Triplett
[PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
openbsd-misc
:
Taisto Qvist XX
Re: AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics wi...
Nico Meijer
Re: gOS Develop Kit with VIA pc-1 Processor Platform VIA C7-D
Andreas Bihlmaier
Re: jetway board sensors (Fintek F71805F)
admin
Drive a 2009 car from R799p/m
Antti Harri
Re: how to create a sha256 hash
Colocation donated by:
Syndicate
