Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon access scanning

On Mon, Aug 18, 2008 at 7:17 AM, David Collier-Brown <davecb@xxxxxxx> wrote:
Peter Dolding wrote:

Currently if we have a unknown infection on a windows partition that
is been shared by linux the scanner on Linux cannot see that the
windows permissions has been screwed with. OS with badly damaged
permissions is a sign of 1 of three things. ...

It's more likely that the files will reside on Linux/Unix under
Samba, and so the permissions that Samba implements will be the ones
that the virus is trying to mess up. These are implemented in
terms of the usual permission bits, plus extended attributes/ACLs.
Linux systems mounting Windows filesystems are somewhat unusual (;-))

More desktop use of Linux more cases of ntfs and fat mounted under
Linux. Funny enough linux mounting windows file systems is 100
percent normal for most Ubuntu users so there are a lot of them out
there doing it. I am future looking there are other filesystems
coming with there own issues as well.

Same issue with samba no common store for extra permissions exist so
on file systems that don't support there permissions storage it goes
back into there tdb storage.

Basically scanning everything to detect issues currently nicely
complex. We have a huge permissions mess. Some permissions are
processed by the file system drivers. Some are processed by vfs then
others processed and stored by individual applications. So no where
in Linux can you see all the permissions being applied to a single
file to be sure there is not a secuirty risk somewhere. Samba or
equal allowing access to remove a virus signature from the black list
or added something that should not be allowed to the white list would
be major problems.

Posix has not helped US here at all. No where in posix does it
provide anything to clean up this mess. Does solarias have a solution
I know BSD and Linux does not. I think all posix OS's have a mess in
this section.

Peter Dolding
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages

  • Re: File compatibility issues with LAN drive
    ... Windows did not have a file "executable" flag, ... linux does. ... systems and NFTS file system permissions. ...
    (sci.electronics.design)
  • Re: D3 Optimise and REMOVE
    ... neither of which had experience with Linux. ...  Spooler, permissions, services, patches, ... process monitoring, communications and LAN interoperability... ... GUI in windows as well) ...
    (comp.databases.pick)
  • Re: Problem with Google Mail and Ubuntu
    ... Whilst there have been some viruses written for Linux, ... way of accessing root permissions), is to enable root permissions to be ... virii can in Windows). ...
    (Ubuntu)
  • Re: PS3 MAME
    ... commands lide sudo this and nano that to be able to get what i want. ... which gives you root permissions. ... It is similar to the "Run as" command of Windows. ... Tired of Windows malware but fear to try out Linux? ...
    (alt.games.mame)
  • Re: [opensuse] How do I mount USB drive world writable using device notifier?
    ... and only r permissions for groups and others. ... I can see how this was confusing, but I am trying to be thorough because I have no idea where the trouble may lie and I am NOT a Linux guru by any means. ... I use Samba to export the root directory / as a share named slash on each of our laptops. ... Anywise, after we have our laptops up and running, we will plug in our external USB drives, and use the KDE device notifier to mount them. ...
    (SuSE)