AntiVirus?
Gregory Maxwell
gmaxwell at gmail.com
Mon Mar 21 03:51:12 UTC 2005
On Sun, 20 Mar 2005 22:02:47 -0500, Colin Walters <walters at redhat.com> wrote:
> On Sun, 2005-03-20 at 18:47 -0500, Gregory Maxwell wrote:
> > On Sun, 20 Mar 2005 23:29:12 +0000, Mike Hearn <mike at navi.cx> wrote:
> > > Right. Actually I have a prototype SELinux "quarantine zone" policy file
> > > open in emacs right now. I've been writing a packaging/installer system
> > > for a while and the spyware question is common enough to be in the FAQ:
> >
> > What would be neat is for somone to make a version of GLIBC that can
> > live inside a seccomp jail, a little loader that can prelink an
> > executable with that glibc and put it in the jail, and an interface
> > that lets you "yes / no" syscalls. :)
>
> Prompting the user for access control decisions at the level of system
> calls is not useful unless your target audience is solely "Linux kernel
> developer"; i.e. .01% of Fedora users at best. Even at a much higher
> level you have to assume that if you prompt for this kind of stuff, 50%
> of the time they're going to get it wrong.
Well I was thinking along the lines of the author of one of those
antivirus/worm tools, but you're right.. it would only ever be used
... and other tools like debuggers work just as well for many things.
(plus I recall there was a syscall intercepting expect toolkit thing
published elseware)
More information about the fedora-devel-list
mailing list