On Wed, Aug 6, 2008 at 10:10 PM, Press, Jonathan <Jonathan.Press@ca.com> wrote:

This buffer overflow risk and other equals are why LSMs exist. It puts jails around applications so they cannot do any more than they are meant to. It's called risk reduction, something that is most likely a new idea to people coming from a Windows background. It also makes exploiting a flawed application tricky. Do something that the application should not normally do and it will be blocked and trip the LSM alarm, which could be set to straight up terminate the offending application. Yes, a true shoot-on-sign-of-trouble system. This is what you anti-virus guys call behaviour monitoring, the same system some anti-virus software uses to detect unknown viruses.

So 2 left should never happen since we have at least a part fix for all of them. This is how it has to work. Failure is not an option in our eyes. If you have a percent missed, that is a failure if there is not something else to prevent damage. We are not Windows users with weak setup systems. We don't want weak distributions out there. Nice if some anti-virus products started demanding a min standard LSM to run side by side with them.

LSMs are already embedded core system exploitation prevention. LSMs currently don't extend deep enough into users to really tighten completely down on the user's account.

So far I have not found an exact list of what is needed by AV or malware companies that says LSM stacking is needed. That says stacked LSMs are needed. So I will bring a few things to the table.

Number one: LSB is working on a common packaging API using DBUS, based off PolicyKit. So malware application installers run in the user's own account, and to install into the system have to go through a scannable interface. So far I have not seen AV companies there working on improving the design. Prevention beats cure. This reduces the issue of malware to the user's own account without heavy-handed scanning. So scanning becomes reduced to user-editable files.

The Linux firewall supports user mode modules, so antivirus can scan network traffic and use the built-in firewall to monitor for malware.

For file scanning, look no deeper than fusefs: http://clamfs.sourceforge.net/. Alter the automount system to wrap this over the top of user-mounted file systems and locations of user editable and you are done.

Now the credentials patch, which has not got into mainline yet, also provides user mode daemon support to override filesystem permissions. It could also be integrated into an Anti Virus Scanner. Credentials is not an LSM really; it's a centralisation of permission information so it's no longer spread all over the kernel.

There are sections in containers as well that could cover bits. TPM segments appear in 2.6.27 as well, which will also make a core system breach harder.

Now please lay out what you need, Anti-Virus companies. Don't use clueless desktop users as a reason. Linux could already provide the needed interfaces, just not LSM.

Now please provide a detailed list of exactly what you need, Anti-virus companies. Most likely everything you need already exists in mainline or in a development side line. Extra coders to get some of those features into mainline would be good.

Peter Dolding

PS: how do I get my email on the malware-list@lists.printk.net so it does not bounce things to me?
