Language Selection

English French German Italian Portuguese Spanish

Kernel space: Virus scanning API spawns security debate

Filed under
Linux

The TALPA malware scanning API was covered in LWN in December, 2007. Several months later, TALPA is back - in the form of a patch set posted by a Red Hat employee. The resulting discussion has certainly not been what the TALPA developers would have hoped for; it is, instead, a good example of how a potentially useful idea can be set back by poor execution and presentation to the kernel community.

The idea behind TALPA is simple: various companies in the virus-scanning business would like a hook into the kernel which allows them to check for malware and prevent its spread. So the patch adds a hook into the VFS code which intercepts every file open operation. A series of filters can be attached to this intercept, with the most important one being a mechanism which makes the file being opened available to a user-space process as a read-only file descriptor. That process can scan the file and tell the kernel whether the open operation should be allowed to proceed or not. In this way, the scanning process can prevent any sort of access to files which are deemed to contain bits with evil intentions.

There are a few other details, of course. A caching mechanism prevents rescanning of unchanged files, increasing performance considerably.

More here




More in Tux Machines

The Community Has Brought The Unity 8 Desktop To Ubuntu 18.04

Besides bringing Ubuntu Touch to new mobile devices, the UBports team has also managed to continue their community-driven work on advancing the Unity 8 convergence desktop after Canonical abandoned work on it last year. They now have Unity 8 working on top of Ubuntu 18.04 LTS. The UBPorts' fork of Unity 8 is now working on Ubuntu 18.04 LTS where as previously they were focused on older versions of Ubuntu. Installation instructions can be found via this GitHub repository with this being work found outside of the official Ubuntu archives. Ubuntu 16.04 LTS and 18.04 LTS users can make use of the project's install scripts where they have assembled an APT archive with their own packages of Unity 8 complete with Mir. Read more

Android Leftovers

You Can Now Turn Your Old Moto G2 "Titan" Phone Into an Ubuntu Phone, Here's How

Walid Hammami managed to port UBports' Ubuntu Touch mobile operating system on the Moto G2 2014 smartphone, which features a Qualcomm MSM8226 Snapdragon 400 chip, 1GB RAM, and 8GB internal storage. As such, Moto G2 has been accepted by the UBports project as the first community supported device, and it's a well-done port with everything working just fine, including Wi-Fi, GSM, 3G, GPS, Bluetooth, SMS, Camera, Ubuntu Store, etc. Read more

OSS: IBM, Logz.io, Forbes FUD and OpenAI