Language Selection

English French German Italian Portuguese Spanish

Kernel space: Virus scanning API spawns security debate

Filed under
Linux

The TALPA malware scanning API was covered in LWN in December, 2007. Several months later, TALPA is back - in the form of a patch set posted by a Red Hat employee. The resulting discussion has certainly not been what the TALPA developers would have hoped for; it is, instead, a good example of how a potentially useful idea can be set back by poor execution and presentation to the kernel community.

The idea behind TALPA is simple: various companies in the virus-scanning business would like a hook into the kernel which allows them to check for malware and prevent its spread. So the patch adds a hook into the VFS code which intercepts every file open operation. A series of filters can be attached to this intercept, with the most important one being a mechanism which makes the file being opened available to a user-space process as a read-only file descriptor. That process can scan the file and tell the kernel whether the open operation should be allowed to proceed or not. In this way, the scanning process can prevent any sort of access to files which are deemed to contain bits with evil intentions.

There are a few other details, of course. A caching mechanism prevents rescanning of unchanged files, increasing performance considerably.

More here




More in Tux Machines

PfSense 2.2 Open Source Firewall Receives Important Security Update

PfSense is a free, open source customized distribution of FreeBSD that has been built to be used as a firewall and router. A new iteration has been released and the distro now sports the 2.2 version number. Read more

Linux-Powered Librem 15 Laptop Crowdfunding Campaign Is a Major Success

Librem 15 is a new Linux-powered laptop that will ship with completely free applications, drivers, and kernel. The crowdfunding campaign for this laptop is almost over and it has been a resounding success. Read more

Black Swift, the tiny wireless computer is on Kickstarter

Another beautiful board is coming to kickstarter: it’s tiny and powerful. Black Swift runs on OpenWRT Linux, and it can be programmed in a bunch of languages, ranging from C/C++ to PHP, Python, Perl, and Bash scripting (there’s also a Node.js port). Read more

Intel Broadwell: GCC 4.9 vs. LLVM Clang 3.5 Compiler Benchmarks

GCC 4.9.2 and LLVM Clang 3.5.0 were benchmarked using the packages provided on Fedora 21 x86_64. The same Lenovo ThinkPad X1 Carbon was used for all of the benchmarks, the first Broadwell laptop/ultrabook at Phoronix and it features the Core i7 5600U that's dual-core with Hyper Threading and tops out at 3.20GHz. Fedora 21 was running with the Linux 3.17.8 kernel while testing each of the provided compilers. Read more