
Kernel space: Virus scanning API spawns security debate


The TALPA malware scanning API was covered in LWN in December, 2007. Several months later, TALPA is back - in the form of a patch set posted by a Red Hat employee. The resulting discussion has certainly not been what the TALPA developers would have hoped for; it is, instead, a good example of how a potentially useful idea can be set back by poor execution and presentation to the kernel community.

The idea behind TALPA is simple: various companies in the virus-scanning business would like a hook into the kernel which allows them to check for malware and prevent its spread. So the patch adds a hook into the VFS code which intercepts every file open operation. A series of filters can be attached to this intercept, with the most important one being a mechanism which makes the file being opened available to a user-space process as a read-only file descriptor. That process can scan the file and tell the kernel whether the open operation should be allowed to proceed or not. In this way, the scanning process can prevent any sort of access to files which are deemed to contain bits with evil intentions.

There are a few other details, of course. A caching mechanism prevents rescanning of unchanged files, increasing performance considerably.
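As an added illustration (not TALPA code and not part of the original article), this Python sketch models in user space the flow described above: each open is intercepted, a scanner receives a read-only descriptor and returns a verdict, and a cache skips rescanning unchanged files. `OpenGate`, `marker_scanner`, `MARKER` and the use of stat data to detect a changed file are assumptions of the sketch.

```python
import os, tempfile
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a malware signature

class OpenGate:
    """Hypothetical user-space model of an open-time intercept with a verdict cache."""
    def __init__(self, scanner):
        self.scanner = scanner  # callable(fd) -> True if the file is clean
        self.cache = {}         # (st_dev, st_ino) -> (change stamp, verdict)
        self.scans = 0          # number of times the scanner actually ran

    def verdict(self, path):
        st = os.stat(path)
        key = (st.st_dev, st.st_ino)
        stamp = (st.st_mtime_ns, st.st_size)  # assumption: stat data marks a change
        hit = self.cache.get(key)
        if hit and hit[0] == stamp:
            return hit[1]                     # unchanged file: reuse cached verdict
        fd = os.open(path, os.O_RDONLY)       # the scanner only gets a read-only fd
        try:
            self.scans += 1
            clean = bool(self.scanner(fd))
        finally:
            os.close(fd)
        self.cache[key] = (stamp, clean)
        return clean

    def open(self, path):
        # Deny the open outright when the scanner's verdict is negative.
        if not self.verdict(path):
            raise PermissionError(f"open denied by scanner: {path}")
        return os.open(path, os.O_RDONLY)

def marker_scanner(fd):
    # Toy scanner: a file is clean unless it contains MARKER.
    with os.fdopen(os.dup(fd), "rb") as f:
        return MARKER not in f.read()

def demo():
    # Returns (scans after two opens, scans after the change, whether open was denied).
    gate = OpenGate(marker_scanner)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"harmless contents")
        os.close(gate.open(path))
        os.close(gate.open(path))             # second open is served from the cache
        cached_scans = gate.scans
        with open(path, "ab") as f:
            f.write(MARKER)                   # file changed, cached verdict is stale
        try:
            os.close(gate.open(path))
        except PermissionError:
            return cached_scans, gate.scans, True
        return cached_scans, gate.scans, False
```

The cache is only as sound as its change detection: a modification that leaves the stamp untouched would keep a stale verdict, which is why the invalidation rule matters as much as the scanner.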
