Mailinglist Archive: opensuse (2803 mails)
|< Previous||Next >|
Re: [opensuse] Re: A BIG "show stopper" for openSUSE at the corporate level anyway!!
- From: "Brian K. White" <brian@xxxxxxxxx>
- Date: Tue, 8 Jul 2008 13:52:50 -0400
- Message-id: <012f01c8e123$70ddd3f0$6b00000a@venti>
----- Original Message -----
From: "Fred A. Miller" <fmiller@xxxxxxxxxxxxx>
To: "opensuse" <opensuse@xxxxxxxxxxxx>
Sent: Tuesday, July 08, 2008 1:16 PM
Subject: Re: [opensuse] Re: A BIG "show stopper" for openSUSE at the corporate
Jim Henderson wrote:
On Tue, 08 Jul 2008 03:41:25 +0200, Carlos E. R. wrote:
At worst, you can only do damage to your own user. No big deal. Next
time you will be more careful :-P
Arguably, Carlos, damaging files in your own user home directory is the
bigger deal. I don't know about others here, but I can replace my OS; I
can't replace my documents.
Quite right, Jim. Carlos is smug about this whole issue, but because of
Linux's popularity, we WILL SOON have much more of this to deal with. On
access filtering IS the correct answer when your mail isn't being fed
through your own or business email server software. Here again, in
particular for newbies, it MUST be working out-of-the-box - easy for
them to install and setup.
I think you are just plain wrong about this. You can stop picking on Carlos.
Many people who are smarter than you or I share the same opinion on this topic.
(It could also be argued that smarter people than me wrote dazuko, *shrug*)
Universal, kernel-level, on-access scanning is a horrendous kludge patch
slapped onto an otherwise insecure and fundamentally insecurable os (windows).
It's necessary there because the underlying os is not capable of promising
To make linux or any *ix do that is retarded. Otherwise, why stop at files? If
the on-access argument is valid, then so is memory acces, and nic traffic, and
serial traffic, and keybaord input, etc... Take the on-access argument to it's
next logical progression and have memory access scanning. But, what will scan
the memoy before it's accessed? Code stored in other memory. Better scan
_that_... never ending and basically not sane.
The sane approach is make the kernel able to make certain promises, and all of
kernel and userspace can safely make assumptions based on that.
In the case of linux, barring the usual exceptions of plain bugs which all
software has including virus scanners, the kernel can and does make those
promises, and so it is perfectly safe to build the rest of the system on top of
that and so only certain files ever need to be scanned and those only need to
be scanned during certain operations, not every access by the kernel.
Files in a samba share can be scanned _by samba_ or by an agent samba invokes,
as they are being written or read _via samba_.
Any other files and subsystems can have a similar targeted scanning module,
such as postfix, etc..
You are right that software should do a better job of "just working", but you
should probably not try to meddle in basic system design.
Instead, openSUSE, if it's going to declare that dazuko is not a proper design
and will not be supported, should probably just remove all rpm's and
dpendancies rather than have broken ones in the repo's. And place an
explanation in the release notes.
Let MS do on-access scanning. The fact that it needs to is just part of why
that os sucks. We do not need to emulate it.
Brian K. White brian@xxxxxxxxx http://www.myspace.com/KEYofR
filePro BBx Linux SCO FreeBSD #callahans Satriani Filk!
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
|< Previous||Next >|