On Fri, 13 Apr 2001, Jeff V. Merkey wrote:
> > Backup and AV software is not in the kernel, so they would
> > be unable to use the thing, exported or not. Please, don't
> > bring the strawmen.
>
> Some NT anti-virus stuff is in-kernel, and it's there to catch people
> writing viruses that act like device drivers. One day, if and
<shrug> If attacker can trick kernel into loading _any_ untrusted code,
no matter what contents it got, in ring 0 - you've lost anyway.
> when a Linux virus shows it's ugly head disguised as a kernel module, you
> will be backpeddling on this statement, and wishing we had in
No, I will be busy fixing the hole that allows to get untrusted code loaded.
I don't give a fsck whether it's a virus or not - if admin authorized it
it's his responsibility, if not - ability to get it into the kernel space is
a gaping hole that should be closed.
> > Use filp_open() - it's that simple.
>
> Thanks. This is what I needed to know. I saw filp_open() in the
> EXPORTS file, but was uncertain if this would be an unchanging API.
Yes, it is. It's a kernel counterpart of open() - the only difference
is that instead of installing a reference to file into descriptor
table and returning the descriptor it returns the reference itself.
Arguments are the same as in case of open() and it's certainly there
to stay.
Al
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Apr 13 2001 - 22:28:11 EDT