[Gllug] Memory scanning
Richard Jones
rich at annexia.org
Sun Sep 5 09:45:29 UTC 2010
On Sun, Sep 05, 2010 at 12:08:19AM +0100, Steve Parker wrote:
> On 04/09/10 11:44, James Courtier-Dutton wrote:
> > Hi,
> >
> > I am looking for a tool that does the following.
> > 1) Scan an executable binary file to create a checksum.
> > 2) Runs the executable program as a process.
> > 3) Halts execution of a single process
> > 4) Scans the entire process address space to create a checksum
> > 5) Compares the two checksums to discover if any virus or malicious
> > code has been inserted.
> > 6) If all is well, allow the process to schedule again.
> >
>
> Sounds rather like Text Relocation - SELinux will do that for you -
> http://web.archive.org/web/20080514003359/http://people.redhat.com/drepper/textrelocs.html
> (the original seems to have disappeared, and Drepper's redhat page
> directs you to his personal page, suggesting that he left, I must be out
> of touch!)
That'd be news to me. He gave a couple of presentations at the Red
Hat Summit in June. You can find his papers on his personal website
here:
http://www.akkadia.org/drepper/index.html
Rich.
--
Richard Jones
Red Hat
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list