Re: [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
From: Cliffe
Date: Monday, August 4, 2008 - 8:01 pm

If we had stackable LSMs then the required functionality could simply be 
built into the LSM interface. Then the anti-malware would simply stack 
itself with other LSMs. In my opinion this is a perfect example for the 
argument of stackable LSMs. So far we mainly have LSMs which provide an 
extra access control mechanism (in addition to DAC). IMHO, Ideally DAC 
could be another stackable LSM (enabled by default). Other security 
schemes such as intrusion detection, firewalls/netfilter, anti-malware, 
and application restrictions (sandboxes such as jails or finer grained 
restrictions such as AppArmor) could all register LSMs onto the stack.

Additional infrastructure would be necessary. Permissible security 
remains a item of contention. Perhaps I am naive but I think most LSMs 
could work based on accept/reject. Where every LSM must accept an action 
in order for it to be carried out.

MHO,

Cliffe.

Casey Schaufler wrote:
--
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:
Re: [RFC 0/5] [TALPA] Intro to a linux interface for on ac ..., Cliffe, (Mon Aug 4, 8:01 pm)
Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux inte ..., David Collier-Brown, (Wed Aug 6, 4:31 am)
Sidebar to [malware-list] [RFC 0/5] [TALPA] Intro to a lin ..., David Collier-Brown, (Wed Aug 6, 4:40 am)
Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinter ..., David Collier-Brown, (Mon Aug 11, 9:11 am)