Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757299AbYHHCG4 (ORCPT ); Thu, 7 Aug 2008 22:06:56 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754202AbYHHCGs (ORCPT ); Thu, 7 Aug 2008 22:06:48 -0400 Received: from smtpq1.tilbu1.nb.home.nl ([213.51.146.200]:44556 "EHLO smtpq1.tilbu1.nb.home.nl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753781AbYHHCGs (ORCPT ); Thu, 7 Aug 2008 22:06:48 -0400 Message-ID: <489BAA25.3030004@keyaccess.nl> Date: Fri, 08 Aug 2008 04:06:29 +0200 From: Rene Herman User-Agent: Thunderbird 2.0.0.16 (X11/20080707) MIME-Version: 1.0 To: Eric Paris CC: Theodore Tso , Greg KH , Alan Cox , malware-list@lists.printk.net, linux-kernel@vger.kernel.org Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning References: <20080804223249.GA10517@kroah.com> <1217896374.27684.53.camel@localhost.localdomain> <20080805005132.GA3661@kroah.com> <20080805122328.69a37c1d@lxorguk.ukuu.org.uk> <20080805170307.GB9639@kroah.com> <1217962602.27684.144.camel@localhost.localdomain> <20080805203007.GB27489@kroah.com> <1218048597.27684.276.camel@localhost.localdomain> <20080806210202.GA9413@mit.edu> <1218058081.5837.49.camel@localhost.localdomain> <20080806215244.GA21462@mit.edu> <1218118603.5837.101.camel@localhost.localdomain> In-Reply-To: <1218118603.5837.101.camel@localhost.localdomain> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: 1.0 (+) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1242 Lines: 27 On 07-08-08 16:16, Eric Paris wrote: > Absolutely, I think that our solution needs worry much less about an > actively attacking root process than Windows. Note by the way that this assumption is being actively undermined by all those companies releasing software released as big executable blobs that you just have to chmod +x and run; as root if you want them in /opt, or /usr/local/bin, or ... Even when OpenOffice.org, IBM Lotus Symphony, RealPlayer, Flash, what have you, might generally by themselves not be considered virusses both the precedent they set and the opportunity for infecting systems by offering those for re-download from elsewhere is worrying. One of the more useful things the security crowd could do to keep the above assumption valid would be working on a general "external software installer" and getting all distributions to settle on it (which probably needs a common divisor package and distro backends to feed it to the native package manager). Rene. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/