So I'm running malware-list for these guys and I'll be sorting out the lack of public indexing - it's not intentional, it's just a fact that I'm travelling this week and can't fix the mailman setup until next week.

When I was looking at this problem (before cunningly handing it off to Eric :P) my main concern was trying to do away with the hacks - especially syscall table hacks (which these days not only have to unprotect the table, but deal with relocatable kernel issues) - and have something more pragmatic.

No "solution" can ever guarantee that bad bits aren't getting into the system - you can mmap a file and feed "bad" bits into it that other applications will see but cunningly arrange for the file to seem ok on open/close, and other things. But a small hook is hardly a big deal for the kernel, especially if there's no overhead for those who don't use it. The alternative would seem to be that vendors end up being pressured into taking patches into Enterprise kernels that are disjoint from upstream.
Copyright © 2017, Eklektix, Inc.