Critical Linux security API is still a kludge (Inquirer)

Posted Oct 24, 2006 14:27 UTC (Tue) by arjan (subscriber, #36785)
In reply to: Critical Linux security API is still a kludge (Inquirer) by bluefoxicy
Parent article: Critical Linux security API is still a kludge (Inquirer)

fuse doesn't do good enough mmap for virus scanners.
fuse only gets to see the mmap page (when written to) at the final commit to the fs; but before that it has been in the VM for a LONG time, and visible to all other apps that have that file open. So the virus evil can already have taken place....

(and before you say "but the other app scans on open", at the time that app opened the file it may well not have been infected yet; many apps have .so files open as mmap for a really long time, weeks if not months)