User: Password:
Subscribe / Log in / New account

Kernel-based malware scanning

Kernel-based malware scanning

Posted Dec 13, 2007 13:05 UTC (Thu) by RobLucid (guest, #49530)
Parent article: Kernel-based malware scanning

The root PDF example is facetious, a competent security module could 
decline access to a file that could be re-written by a non-privileged 
user.  Also it could deny read access, to files currently held open for 
Write by other users.  Similarly, it could decline write access to files, 
that have open file descriptors held by other users, similar to the 
default file locking used by OS like VMS.

SunOS 4 had a union type file system, that was COW, it was used as basis 
for a source code management system.  That might also be an interesting 
approach, at price of losing POSIX filesystem semantics.

Actually a COW filesystem, overlay for chroot-ed daemons, would allow 
hard-linking of most of the files, so it wouldn't just be useful when some 
kind of file scanning was intended.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds