LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Kernel-based malware scanning

Kernel-based malware scanning

Posted Dec 13, 2007 13:05 UTC (Thu) by RobLucid (guest, #49530)
Parent article: Kernel-based malware scanning 

The root PDF example is facetious, a competent security module could 
decline access to a file that could be re-written by a non-privileged 
user.  Also it could deny read access, to files currently held open for 
Write by other users.  Similarly, it could decline write access to files, 
that have open file descriptors held by other users, similar to the 
default file locking used by OS like VMS.

SunOS 4 had a union type file system, that was COW, it was used as basis 
for a source code management system.  That might also be an interesting 
approach, at price of losing POSIX filesystem semantics.

Actually a COW filesystem, overlay for chroot-ed daemons, would allow 
hard-linking of most of the files, so it wouldn't just be useful when some 
kind of file scanning was intended.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds