On Mon, 2008-08-04 at 20:26 -0400, Christoph Hellwig wrote:

What? You want to write an in-kernel scanner for Windows viruses?

I don't know when files get closed and can't preemptively scan to make sure it is clean for the next open? Any writes are going to invalidate the allow/deny cache....

The data connected with the file being opened must as reasonably as possible be the data the 'scanner' looks at. Some foolish early discussion wanted to do simplistic things like pass a pathname to a scanner and have it call open on that path name. I'm willing to entertain any other method of making the scanner look at the data the process is about to get.

What? It allows a process to open a file that contains malware, how is that horrible. If a process says "I want to see malware" it can then see malware. Doesn't in any way affect other processes or the system security as a whole. If 'bad' data gets into a file it's going to get blocked from everything that doesn't actively choose to see it.

Go read the long explanations, I already ruled out path based inclusions. I'm leaving exclusions up for grabs since I don't see it weakening the security model.
