From: John Ogness <jogness@antivir.de>
To: Dave Jones <davej@redhat.com>
Cc: Michael Clark <michael@metaparadigm.com>, linux-kernel@vger.kernel.org
Subject: Re: File change notification
Date: Sat, 07 Feb 2004 09:29:12 +0100
Message-ID: <4024A1D8.9060700@antivir.de>
On 01/01/04 09:58, Dave Jones wrote:
> On Thu, Jan 01, 2004 at 09:28:08AM +0800, Michael Clark wrote:
> > Have you had a look at dazuko. It provides a consistent file access
> > notification mechanism (and also intervention for denying access)
> > across linux and freebsd. It is currently being used by various
> > on-access virus scanners. It is under active development and
> > supports 2.6 (and 2.4)
>
> Candidate for "Wackiest sys_call_table patching 2004".
> In a word "ick". Code not to be read on a full stomach.
Hi,

I am the current maintainer of Dazuko. Could you please explain your
"wackiest 2004" comment? Do you know of a better way to intercept system
calls for 2.2/2.4 kernels *without* patching the kernel source?

System call hooking is all-around ugly, but unfortunately most operating
systems don't provide a real mechanism for file access control. With the
2.6 kernel, Dazuko uses LSM. This is much more elegant and much safer.
Yes, users have to turn LSM on, but this does not require kernel patches
(and many distributions are turning this feature on by default).

I would appreciate any feedback you may have about how it could be
improved. Keep in mind, I refuse to do anything that requires kernel
source patching.

John Ogness
--
Dazuko Maintainer