On Mon, Aug 04, 2008 at 03:32:49PM -0700, Greg KH wrote:
quoted text > > 1. Intercept file opens (exec also) for vetting (block until
> > decision is made) and allow some userspace black magic to make
> > decisions.
NACK, this kind of policy should be done in kernelspace.
quoted text > > 2. Intercept file closes for scanning post access
Not even possible for mmap, and dumb otherwise, NACK.
quoted text > > 6. Scan files directly not relying on path. Avoid races and problems with namespaces, chroot, containers, etc.
Explain?
quoted text > > 9. Mark a processes as exempt from on access scanning
Nack, this completely defeats the purpose.
quoted text > > 11. Exclude sub-trees from scanning based on filesystem path
> > 12. Include only certain sub-trees from scanning based on filesystem path
Nack, please no pathname based idiocies.
--
unsubscribe notice To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
majordomo@vger.kernel.org
More majordomo info at
http://vger.kernel.org/majordomo-info.html
Please read the FAQ at
http://www.tux.org/lkml/ Messages in current thread:
Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux inte ... , Christoph Hellwig , (Mon Aug 4, 5:26 pm)
