From: Pavel Machek <pavel@suse.cz>
To: John Ogness <dazukocode@ogness.net>
Cc: linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk,
malware-list@lists.printk.net, eparis@redhat.com,
hch@infradead.org, alan@lxorguk.ukuu.org.uk
Subject: Re: [PATCH 0/5] VFS: DazukoFS, stackable-fs, file access control
Date: Wed, 24 Dec 2008 09:53:01 +0100 [thread overview]
Message-ID: <20081224085300.GA1539@ucw.cz> (raw)
In-Reply-To: <864p0u202o.fsf@johno-ibook.fn.ogness.net>
On Tue 2008-12-23 19:55:27, John Ogness wrote:
> On 2008-12-23, Pavel Machek <pavel@suse.cz> wrote:
> >> MOTIVATION
> >>
> >> Since 2001 various anti-virus vendors have been providing
> >> out-of-tree solutions for online virus scanning. Although GNU/Linux
> >> systems currently are not targets of virus authors, many
> >> organizations are interested in online virus scanning on
> >> Linux-based servers in order to help protect Microsoft Windows
> >> clients. It is often argued that file scanning should be
> >> implemented in the various services (such as Samba, Apache, vsftpd,
> >> etc.), and indeed many such solutions have been
> >> implemented. However, there is a continued demand for a
> >> kernel-based solution because it can guard the entire filesystem
> >> independent from the types and numbers of services running on a
> >> system.
> >
> > Somewhere here you should mention that unlike other solutions that
> > work 100% of time, dazuko is be design racy and may still allow
> > viruses to be spread from linux system when mmap is used.
>
> This thread is about DazukoFS. I feel there is no need to discuss
> previous incarnations of Dazuko, all of which share _no_ code with
> DazukoFS.
>
> If you are aware of a race condition in DazukoFS, please report
> it. Thank you.
I'm surprised, do you claim there is none?
So how do you handle mmap(...MAP_SHARED) case?
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
next prev parent reply other threads:[~2008-12-24 8:53 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-21 14:52 [PATCH 0/5] VFS: DazukoFS, stackable-fs, file access control John Ogness
2008-12-21 14:56 ` [PATCH 1/5] " John Ogness
2008-12-21 14:57 ` [PATCH 2/5] " John Ogness
2008-12-21 14:59 ` [PATCH 3/5] " John Ogness
2008-12-21 15:00 ` [PATCH 4/5] " John Ogness
2008-12-21 15:01 ` [PATCH 5/5] " John Ogness
2008-12-21 15:48 ` [PATCH 1/5] " Bastian Blank
2008-12-21 17:56 ` John Ogness
2008-12-23 11:54 ` [PATCH 0/5] " Pavel Machek
2008-12-23 18:55 ` John Ogness
2008-12-24 8:53 ` Pavel Machek [this message]
2008-12-24 12:11 ` John Ogness
2008-12-26 18:30 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081224085300.GA1539@ucw.cz \
--to=pavel@suse.cz \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=dazukocode@ogness.net \
--cc=eparis@redhat.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=malware-list@lists.printk.net \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox