Date: Tue, 5 Aug 2008 13:32:47 +0100
From: Alan Cox
To: "Kyle Moffett"
Cc: "Christoph Hellwig", "Eric Paris", "Greg KH", malware-list@lists.printk.net, linux-kernel@vger.kernel.org
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning
Message-ID: <20080805133247.70f1f28b@lxorguk.ukuu.org.uk>

> Much better solution:

And one which was found lacking about 1950...

> Problem solved. Untrusted and possibly-compromised files can't be
> executed, or even if they could be they can't do anything

Two things

- Scripts
- Attacks based on compromising a live binary

You can use SELinux to control what is executed and it is a very
effective management control technique. However it doesn't control
javascript in web pages, exploits that popen perl and chat to it and so
on...