Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning

From: Eric Paris
Date: Tue Aug 05 2008 - 16:56:57 EST

Next message: Paul Moore: "Re: [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning"
Previous message: Alan Cox: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface foron access scanning"
In reply to: Arjan van de Ven: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforonaccess scanning"
Next in thread: Al Viro: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2008-08-05 at 13:38 -0700, Arjan van de Ven wrote:
> and again please explain how you
> deal with write-to-mmap-after-close)

http://marc.info/?l=linux-security-module&m=121796172212429&w=2

Write after close will invalidate the close time caching decision, but
will still get caught on the next open....

-Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Moore: "Re: [RFC 0/5] [TALPA] Intro to a linux interface for on access scanning"
Previous message: Alan Cox: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linux interface foron access scanning"
In reply to: Arjan van de Ven: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to a linuxinterfaceforonaccess scanning"
Next in thread: Al Viro: "Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]