On Sun, 02 Dec 2007 21:22:40 +0100, Pavel Machek said: > Well, if you only want to detect viruses _sometimes_, you can just > LD_PRELOAD your scanner. And for some use cases, that probably *is* the best answer.. > I guess the A/V people should describe what they are trying to do, as > in > > "forbidden sequences of bits should never hit disk" or "forbidden > sequences of bits should be never read from disk" or something... We probably want to hear related usages as well - what *besides* A/V would be interested? Indexing services? Software that tries to limit the distribution of sensitive info off the machine - for instance, imagine a rule that said "Data that comes from a file that contains SSNs or the string 'Corporate Secret' data isn't allowed to leave the computer" and a Perl-like 'taint' concept. I'm not saying its *doable*, but it's certainly a goal that somebody would like to achieve...
Attachment:
pgpz5WGboWFmu.pgp
Description: PGP signature
- Follow-Ups:
- Re: Out of tree module using LSM
- From: Pavel Machek <[email protected]>
- Re: Out of tree module using LSM
- References:
- Re: Out of tree module using LSM
- From: Andi Kleen <[email protected]>
- Re: Out of tree module using LSM
- From: [email protected]
- Re: Out of tree module using LSM
- From: Pavel Machek <[email protected]>
- Re: Out of tree module using LSM
- From: [email protected]
- Re: Out of tree module using LSM
- From: Pavel Machek <[email protected]>
- Re: Out of tree module using LSM
- Prev by Date: Re: [patch 11/14] Powerpc: Use generic per cpu
- Next by Date: Re: [feature] automatically detect hung TASK_UNINTERRUPTIBLE tasks
- Previous by thread: Re: Out of tree module using LSM
- Next by thread: Re: Out of tree module using LSM
- Index(es):
 |