Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon access scanning

From: Arjan van de Ven
Date: Tue Aug 05 2008 - 16:41:29 EST

Next message: James Bottomley: "Re: [PATCH 1/2] pci: add misrouted interrupt error handling"
Previous message: Andrew Morton: "Re: [PATCH] hugetlb: call arch_prepare_hugepage() for surplus pages"
In reply to: Alan Cox: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon access scanning"
Next in thread: Press, Jonathan: "RE: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon access scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 5 Aug 2008 21:12:43 +0100
Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:

> > this is post-compromise scenario; if you have enough root rights to
> > do that then it's game over.
>
> You still want to know if you spot this. And the root rights thing
> assumes no selinux. For a large case of uses I would agree however.

if selinux wouldn't stop a "not really root" root from writing to ld.so
stuff you have a different problem ;-)

--
If you want to reach me at my work email, use arjan@xxxxxxxxxxxxxxx
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Bottomley: "Re: [PATCH 1/2] pci: add misrouted interrupt error handling"
Previous message: Andrew Morton: "Re: [PATCH] hugetlb: call arch_prepare_hugepage() for surplus pages"
In reply to: Alan Cox: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforon access scanning"
Next in thread: Press, Jonathan: "RE: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interfaceforon access scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]