The TALPA molehill

So I'm running malware-list for these guys and I'll be sorting out the lack of public indexing
- it's not intentional, it's just a fact that I'm travelling this week and can't fix the
mailman setup until next week.

When I was looking at this problem (before cunningly handing it off to Eric :P) my main
concern was trying to do away with the hacks - especially syscall table hacks (which these
days not only have to unprotect the table, but deal with relocatable kernel issues) - and have
something more pragmatic. No "solution" can ever guarantee that bad bits aren't getting into
the system - you can mmap a file and feed "bad" bits into it that other applications will see
but cunningly arrange for the file to seem ok on open/close, and other things. But a small
hook is hardly a big deal for the kernel especially if there's no overhead for those who don't
use it.

The alternative would seem to be that vendors end up being pressured into taking patches into
Enterprise kernels that are disjoint from upstream.