Marcus Ranum's editorial at http://www.ranum.com/security/computer_security/editorials/dumb/ explains in detail why "enumerating badness" is a dumb idea. So if we wanted to build a Linux antivirus, we would need a whitelist of programs that are allowed to execute. The rpm database can easily supply that list. What is missing is a mechanism through which the kernel checks, before executing $binary, whether it is OK to run it. There are security modules like AppArmor and SELinux; maybe parts of those can be used for this purpose? Otherwise we can learn from their implementation.

Open questions to research: how to handle scripts, home directories, USB sticks etc. What about modified system binaries (rpm -V on the owning package, i.e. rpm -Vf $binary, tells)?

bmwiedemann is dropping this project with the recommendation of classic methods such as mount -o noexec,nodev /home. You cannot forbid interpreters like bash anyway.
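As an added example (not part of the original project, which never got to code), here is the userspace version of the decision the description above wanted the kernel to make: allow $binary only if it is owned by an installed package and rpm -V reports no content change for it. classify_verify_line interprets one line of rpm -V output; check_exec ties it to rpm -qf and rpm -V for a given path. Both function names are my own, and the rpm -V sample lines at the bottom are constructed, not taken from a real system.

```shell
#!/bin/sh
# Added example for this project page, not the project's own code: a userspace
# "may this binary run?" check built on the rpm database.
#
# rpm -V prints one line per file that differs from its package, e.g.
#   S.5....T.    /usr/bin/sudo
#   S.5....T.  c /etc/ssh/sshd_config
#   missing     /usr/lib/libfoo.so
# Flag positions: S size, M mode, 5 digest, D device, L link target, U user,
# G group, T mtime, P capabilities; "." means the test passed, "?" that it
# could not be run. A "c" before the path marks a config file, whose content
# is expected to drift from the packaged version.

# classify_verify_line LINE
# Prints one verdict: ok | missing | modified | metadata-changed |
#                     timestamp-only | config-changed | unverifiable
classify_verify_line() {
    line=$1
    flags=${line%% *}                 # "missing" or the 9-character flag string
    rest=${line#"$flags"}
    rest=${rest#"${rest%%[! ]*}"}     # drop the spaces before attribute/path
    attr=
    case "$rest" in
        [cdglr]\ /*) attr=${rest%% *} ;;   # file attribute precedes the path
    esac
    case "$flags" in
        missing)  echo missing ;;
        *[S5LD]*)                     # content, symlink target or device changed
            if [ "$attr" = c ]; then echo config-changed; else echo modified; fi ;;
        *[MUGP]*) echo metadata-changed ;;   # mode/owner/caps: matters for setuid
        *\?*)     echo unverifiable ;;
        *T*)      echo timestamp-only ;;     # only mtime differs, digest verified
        *)        echo ok ;;
    esac
}

# check_exec PATH
# Exit 0 (allow) only if PATH is owned by an installed package and rpm -V finds
# no content change. Needs rpm on the host; not run by the demo below.
check_exec() {
    path=$1
    if ! rpm -qf "$path" >/dev/null 2>&1; then
        echo "deny: $path is not owned by any package"; return 1
    fi
    pkg=$(rpm -qf --queryformat '%{NAME}\n' "$path" | head -n 1)
    line=$(rpm -V "$pkg" | awk -v p="$path" '$NF == p')
    if [ -z "$line" ]; then
        echo "allow: $path verified against package $pkg"; return 0
    fi
    verdict=$(classify_verify_line "$line")
    case "$verdict" in
        ok|timestamp-only) echo "allow: $path ($verdict)"; return 0 ;;
        *)                 echo "deny: $path ($verdict)"; return 1 ;;
    esac
}

# Constructed sample of rpm -V output (not from a real system):
for sample in \
    '.......T.    /usr/bin/vim' \
    'S.5....T.    /usr/bin/sudo' \
    '.M.......    /usr/bin/passwd' \
    'S.5....T.  c /etc/ssh/sshd_config' \
    'missing     /usr/lib/libfoo.so'
do
    printf '%-16s %s\n' "$(classify_verify_line "$sample")" "${sample##* }"
done
```

The verdict split matters because rpm -V also reports harmless mtime-only differences (T) and config files (c) that are expected to change; a whitelist that denied on any flag would block half the system. Two caveats: rpm -V trusts the local rpmdb, which root can rewrite, and it runs out of band rather than in the exec path, which is the gap the project wanted a kernel hook to close (the kernel's IMA appraisal is the existing mechanism in that direction). The noexec mount from the recommendation above has the same limit the author notes: `bash /home/user/x.sh` still runs, since the interpreter, not the script, is what gets executed.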


This project is part of:

Hack Week 15

Activity

  • almost 8 years ago: mwilck liked this project.
  • almost 8 years ago: dwaas liked this project.
  • almost 8 years ago: mbrugger liked this project.
  • almost 8 years ago: bmwiedemann originated this project.
