RE: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning

[Press, Jonathan]

-----Original Message-----
From: Theodore Tso [mailto:tytso@xxxxxxx] 
Sent: Tuesday, August 05, 2008 2:55 PM
To: Press, Jonathan
Cc: Greg KH; Arjan van de Ven; Eric Paris; linux-kernel@xxxxxxxxxxxxxxx;
malware-list@xxxxxxxxxxxxxxxx; linux-security-module@xxxxxxxxxxxxxxx
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to
alinuxinterfaceforon access scanning

On Tue, Aug 05, 2008 at 02:38:23PM -0400, Press, Jonathan wrote:
> Is your point that Linux and Unix machines are less vulnerable to
> viruses?  If so, that's not relevant to my point at all.  A Unix
machine
> can be a carrier, passing infections on to other vulnerable platforms
> (guess which one).  An enterprise security system sees the entire
> enterprise as an integrated whole -- not just individual machines with
> their own separate attributes and no impact on each other at all.

Sure, but if that's the case, you don't need to have a blocking open()
interface.  Having inotify tell your application that a file
descriptor that had been opened for writing has been closed
(IN_CLOSE_WRITE) should be quite sufficient.


[JON PRESS]  I don't get the connection between what I said and your
point about not needing blocking open() interface.  If I ftp into a
Linux machine and GET an infected file, you want FTP to go right ahead
and read it and send it to me over the wire?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/