scanning on write

Posted Oct 24, 2006 16:14 UTC (Tue) by nix (subscriber, #2304)
In reply to: scanning on write by skitching
Parent article: Critical Linux security API is still a kludge (Inquirer)

- program A mmap()s foo.so
- nasty program B mmap()s foo.so and infects it
- program A now sees the virus-infected pages and so is magically infected too

So yes, you have to scan on each write: at least on each write of a file opened by more than one process.