Core of the functionality is to insert hooking points at appropriate places and pass events for vetting. Vetting works via three chains of filters. First an interception is passed to an evaluation chain whose purpose is to decide whether the access should be allowed or denied. Depending on the outcome, either the allow or the deny filter chain is run next.

Signed-off-by: Eric Paris <eparis@redhat.com>
---
 Documentation/talpa/design.txt          | 266 +++++++++++++++++++++++++++++++
 fs/open.c                               |  10 ++
 include/linux/talpa.h                   |  88 ++++++++++
 security/Kconfig                        |   1 +
 security/Makefile                       |   2 +
 security/talpa/Kconfig                  |   9 +
 security/talpa/Makefile                 |   7 +
 security/talpa/talpa.h                  |  64 ++++++++
 security/talpa/talpa_allow_calls.h      |   5 +
 security/talpa/talpa_deny_calls.h       |   5 +
 security/talpa/talpa_evaluation_calls.h |   6 +
 security/talpa/talpa_interceptor.c      | 116 ++++++++++++++
 12 files changed, 579 insertions(+), 0 deletions(-)

diff --git a/Documentation/talpa/design.txt b/Documentation/talpa/design.txt
new file mode 100644
index 0000000..5df07bf
--- /dev/null
+++ b/Documentation/talpa/design.txt
@@ -0,0 +1,266 @@
+
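The three-chain vetting design the commit message describes (an evaluation chain that decides, then an allow chain or a deny chain that is run on the result) as an added, self-contained userland model. This is example code written for this page, not the talpa module's own code; the type and function names, the "first definite verdict wins" rule, the default-allow outcome when every evaluation filter abstains, and the sample filters and events are all assumptions made for illustration.

```c
/* Added example: userland model of the evaluation -> allow/deny chain design.
 * Not the talpa module's code; every name here is an assumption. */
#include <stdio.h>
#include <string.h>

enum talpa_verdict { TALPA_ABSTAIN = 0, TALPA_ALLOW = 1, TALPA_DENY = 2 };

/* An intercepted event (constructed model of what a hook would pass in). */
struct talpa_event {
    const char *path;
    int write;   /* non-zero if the open requests write access */
    int uid;     /* credential of the caller */
};

#define MAX_FILTERS 8

typedef enum talpa_verdict (*eval_fn)(const struct talpa_event *);
typedef void (*notify_fn)(const struct talpa_event *);

struct talpa_chains {
    eval_fn   eval[MAX_FILTERS];  int n_eval;   /* decides allow/deny   */
    notify_fn allow[MAX_FILTERS]; int n_allow;  /* run after an allow   */
    notify_fn deny[MAX_FILTERS];  int n_deny;   /* run after a deny     */
};

/* Evaluation chain: filters run in registration order; the first one that
 * returns a definite verdict ends the chain. If every filter abstains the
 * access is allowed (assumed default, matching the usual LSM convention
 * that a hook only restricts what the core kernel already permits). */
enum talpa_verdict talpa_evaluate(const struct talpa_chains *c,
                                  const struct talpa_event *ev)
{
    for (int i = 0; i < c->n_eval; i++) {
        enum talpa_verdict v = c->eval[i](ev);
        if (v != TALPA_ABSTAIN)
            return v;
    }
    return TALPA_ALLOW;
}

/* Full vetting: evaluation chain, then exactly one of the two follow-up
 * chains. Filters on the allow/deny chains cannot change the verdict; they
 * only observe it (logging, statistics, notification). */
enum talpa_verdict talpa_vet(const struct talpa_chains *c,
                             const struct talpa_event *ev)
{
    enum talpa_verdict v = talpa_evaluate(c, ev);
    if (v == TALPA_ALLOW) {
        for (int i = 0; i < c->n_allow; i++)
            c->allow[i](ev);
    } else {
        for (int i = 0; i < c->n_deny; i++)
            c->deny[i](ev);
    }
    return v;
}

/* --- Sample filters, constructed for this example --- */

/* Deny any write-open under /etc/; say nothing about other paths. */
static enum talpa_verdict deny_etc_writes(const struct talpa_event *ev)
{
    if (ev->write && strncmp(ev->path, "/etc/", 5) == 0)
        return TALPA_DENY;
    return TALPA_ABSTAIN;
}

/* Positively allow read-only opens under /usr/ so later filters are skipped. */
static enum talpa_verdict allow_usr_reads(const struct talpa_event *ev)
{
    if (!ev->write && strncmp(ev->path, "/usr/", 5) == 0)
        return TALPA_ALLOW;
    return TALPA_ABSTAIN;
}

static int denied_count, allowed_count;   /* updated by the follow-up chains */
static void count_deny(const struct talpa_event *ev)
{ denied_count++; printf("DENY  uid=%d %s\n", ev->uid, ev->path); }
static void count_allow(const struct talpa_event *ev)
{ allowed_count++; (void)ev; }

int talpa_denied_total(void)  { return denied_count; }
int talpa_allowed_total(void) { return allowed_count; }

/* Register the sample filters; order on the evaluation chain matters. */
struct talpa_chains talpa_example_chains(void)
{
    struct talpa_chains c = {0};
    c.eval[c.n_eval++]   = deny_etc_writes;
    c.eval[c.n_eval++]   = allow_usr_reads;
    c.allow[c.n_allow++] = count_allow;
    c.deny[c.n_deny++]   = count_deny;
    return c;
}

int main(void)
{
    struct talpa_chains c = talpa_example_chains();
    struct talpa_event evs[] = {              /* constructed sample events */
        { "/etc/passwd", 1, 1000 },
        { "/usr/bin/ls", 0, 1000 },
        { "/home/u/notes.txt", 1, 1000 },
    };
    for (size_t i = 0; i < sizeof evs / sizeof evs[0]; i++)
        printf("%s -> %s\n", evs[i].path,
               talpa_vet(&c, &evs[i]) == TALPA_ALLOW ? "allow" : "deny");
    return 0;
}
```

The separation is the point of the design: only the evaluation chain can decide, and the allow/deny chains are notification-only, so a buggy or slow logging filter cannot silently flip a verdict. The default when every evaluation filter abstains is a policy choice; the model above defaults to allow, which is what a practitioner should verify against the real interceptor before relying on it.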
