Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon access scanning

[Greg KH]

A: http://en.wikipedia.org/wiki/Top_post
Q: Were do I find info about this thing called top-posting?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

On Tue, Aug 05, 2008 at 02:34:26PM -0400, Press, Jonathan wrote:
> You're right...I am not talking about blocking at all -- which may be a
> further indication that I am missing the specific point of this thread.
> 
> But be that as it may...  I don't want to have to use more than one
> interface to get all the events I am interested in.  I want to register
> as a client and listen, and get everything I need from the same place.

That's an implementation issue, not a requirement.  If it's a
requirement, it sure is a lazy one :)

> Also, it seems to me that for my purposes, close is discrete enough.  It
> tells me that there is now something out there that should be looked at.

So, if you hook glibc to catch all calls to close, is that sufficient?

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/