
Kernel space: Virus scanning API spawns security debate


The TALPA malware scanning API was covered in LWN in December, 2007. Several months later, TALPA is back - in the form of a patch set posted by a Red Hat employee. The resulting discussion has certainly not been what the TALPA developers would have hoped for; it is, instead, a good example of how a potentially useful idea can be set back by poor execution and presentation to the kernel community.

The idea behind TALPA is simple: various companies in the virus-scanning business would like a hook into the kernel which allows them to check for malware and prevent its spread. So the patch adds a hook into the VFS code which intercepts every file open operation. A series of filters can be attached to this intercept, with the most important one being a mechanism which makes the file being opened available to a user-space process as a read-only file descriptor. That process can scan the file and tell the kernel whether the open operation should be allowed to proceed or not. In this way, the scanning process can prevent any sort of access to files which are deemed to contain bits with evil intentions.

There are a few other details, of course. A caching mechanism prevents rescanning of unchanged files, increasing performance considerably.
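The open-time check and the verdict cache described above can be modelled in user space; the following is an added illustration, not TALPA code or anything from the patch set. `ScanGate`, `signature_scanner`, `SIGNATURE` and the cache key (device, inode, mtime, size) are assumptions made for the example, since the article does not say how TALPA decides that a file is unchanged.

```python
import os
import tempfile
from pathlib import Path

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, not a real signature

def signature_scanner(fd):
    """Allow (True) unless SIGNATURE occurs; pread leaves the file offset untouched."""
    data = os.pread(fd, os.fstat(fd).st_size, 0)
    return SIGNATURE not in data

class ScanGate:
    """Hypothetical user-space model of the open hook plus its verdict cache."""
    def __init__(self, scanner):
        self.scanner = scanner
        self.cache = {}   # (dev, inode) -> ((mtime_ns, size), allowed)
        self.scans = 0    # how many times the scanner was actually invoked

    def open(self, path):
        fd = os.open(path, os.O_RDONLY)   # the scanner only sees a read-only descriptor
        st = os.fstat(fd)
        key, stamp = (st.st_dev, st.st_ino), (st.st_mtime_ns, st.st_size)
        cached = self.cache.get(key)
        if cached is not None and cached[0] == stamp:
            allowed = cached[1]           # unchanged file: reuse the stored verdict
        else:
            self.scans += 1
            allowed = self.scanner(fd)
            self.cache[key] = (stamp, allowed)
        if not allowed:
            os.close(fd)
            raise PermissionError(f"open denied by scanner: {path}")
        return os.fdopen(fd, "rb")        # hand back the descriptor that was scanned

def demo():
    """Return (scans after two clean opens, scans after modification, blocked?)."""
    gate = ScanGate(signature_scanner)
    with tempfile.TemporaryDirectory() as d:
        path = Path(d, "sample.bin")
        path.write_bytes(b"harmless data")
        gate.open(path).close()
        gate.open(path).close()           # second open is served from the cache
        scans_clean = gate.scans
        path.write_bytes(b"harmless data" + SIGNATURE)  # same inode, new size
        try:
            gate.open(path).close()
        except PermissionError:
            return scans_clean, gate.scans, True
        return scans_clean, gate.scans, False
```

Keying the cache on mtime and size is only an approximation available to user space: a write that preserves both would be served a stale verdict, which is why an in-kernel cache is better placed to invalidate on the write itself.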




