Rajesh Nikam | 12 Mar 2004 13:30

Re: Dazuko-devel Digest, Vol 13, Issue 1


----- Original Message ----- 
From: <dazuko-devel-request <at> nongnu.org>
To: <dazuko-devel <at> nongnu.org>
Sent: Friday, March 12, 2004 9:44 AM
Subject: Dazuko-devel Digest, Vol 13, Issue 1

> Today's Topics:
>
>    1. Re: FreeBSD 5 support (John Ogness)
>    2. 2.0.1-pre1 posted (John Ogness)

John Ogness | 19 Mar 2004 19:06

Dazuko Injector?

Hi,

I have been approached by IBM about Dazuko being able to support 
non-kernel file access. I think this could be very useful because it 
would mean that Dazuko could be used for database accesses or for other 
userland applications, such as a direct Samba plugin.

Here is my idea for an implementation:

A daemon, which can register itself as an "event injector". Rather than 
being responsible for controlling file accesses, this daemon will inject 
access events into Dazuko and get a response if the event is ok. This 
would allow any userland process to utilize Dazuko daemons without 
having to be concerned about the daemons themselves.

At first, an injector daemon would only be able to inject events that 
specify files on the filesystem. In the future this could possibly be 
expanded to support streams, so that no files are ever written to the 
hard drive (i.e. database objects could be streamed directly to the 
various Dazuko daemons). This would be much further off, but I want to 
get the idea out on the table.

Any thoughts?

John Ogness

-- 
Dazuko Maintainer
fred wu | 23 Mar 2004 15:21

On access scanning in Windows XP?

Hi all,
  I would like to make Dazuko support "on access scanning" in Windows XP. I have searched the archives and it seems that there isn't a thread about it. Has anyone done it in Windows?
  Could anyone give me a hint or some reference on how to support Dazuko for Windows XP?  As far as I know, Norton, McAfee or Sophos can do on access scanning. I think it is really difficult. Could anyone tell me the mechanism?
  I would appreciate any kind of help! Thank you for your time!
Best,
Fred

John Ogness | 23 Mar 2004 21:52

Re: On access scanning in Windows XP?

fred wu wrote:
> Hi all,
>   I would like to make Dazuko support "on access scanning" in Windows 
> XP. I have searched the archives and it seems that there isn't a thread 
> about it. Has anyone done it in Windows?
>   Could anyone give me a hint or some reference on how to support 
> Dazuko for Windows XP?  As far as I know, Norton, McAfee or Sophos can do on 
> access scanning. I think it is really difficult. Could anyone tell me 
> the mechanism?
>   I would appreciate any kind of help! Thank you for your time!
> Best,
> Fred

Hi,

A Windows XP extension for Dazuko would require writing a device filter.
This is not difficult, if you can get the correct documentation.

John Ogness

-- 
Dazuko Maintainer
fred wu | 24 Mar 2004 03:47

Re: On access scanning in Windows XP?

Hi John Ogness,
 
  Thank you for your email first :)

  I found that the dazuko directory has dazukoio_xp.h, dazuko_xp.c and dazuko_xp.h. Are these all the necessary files for XP? By the way, can the filter scan all file formats? I observed that some antivirus software can only on-access scan .dll, .sys and .com files. However, some antivirus software can on-access scan all files.
  As you said, if I write a device filter, Windows XP will support Dazuko, right? So, does Windows XP support on-access scanning itself? Or does Windows XP support device filters? As far as I know, Linux doesn't support on-access scanning, so the kernel needs to be hacked.
  One more question: where can I find more correct documentation on device filters?
  Thank you for your time!
 
Best,
Fred

John Ogness | 24 Mar 2004 09:36

Re: On access scanning in Windows XP?

fred wu wrote:
>   I found that the dazuko directory has dazukoio_xp.h, dazuko_xp.c and 
> dazuko_xp.h. Are these all the necessary files for XP?

No, the dazuko_xp files stand for "Dazuko Cross Platform". This is the main
code of Dazuko, which compiles for all supported platforms (i.e. it is
written in ANSI C with no platform-specific actions).

> By the way, can the
> filter scan all file formats? I observed that some antivirus 
> software can only on-access scan .dll, .sys and .com files. However, some 
> antivirus software can on-access scan all files.

A filter device in Windows XP should be able to detect all file access
events. The scanners decide if they want to scan the files or not. A filter
device in Windows XP is similar to the new Linux Security Model in Linux 2.6
(as far as I know).

>   As you said, if I write a device filter, Windows XP will support 
> Dazuko, right? So, does Windows XP support on-access scanning itself? Or does 
> Windows XP support device filters? As far as I know, Linux doesn't support 
> on-access scanning, so the kernel needs to be hacked.

No operating system has direct support for on-access scanning. However, some
operating systems provide mechanisms to cleanly implement an on-access
scanner. Examples include Linux 2.6 LSM, and Windows Filter Devices.

>  One more question, where can I find more correct documentation on 
> device filter?

Google? Microsoft? I am not a Windows user, so I have very few resources
in this area. I have been to several conferences where I talk with people
about Windows. This is how I know that a filter device is how Dazuko would
need to be implemented. However, I have no experience with this, as I have
never really used Windows XP or done any kind of system programming on Windows.

Almost all anti-virus companies have implemented an on-access scanner for
Windows and all of them are almost certainly using filter devices. As many
of them are starting to choose Dazuko for their GNU/Linux and FreeBSD
scanners, I hope they will be willing to contribute back with some of their
Windows experience. Since every anti-virus company already has Windows
on-access scanners, I don't see the point of "hiding" their code anymore.

John Ogness

-- 
Dazuko Maintainer
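
The dispatch model discussed in this thread (an injector hands a file-access event to the registered daemons and learns whether it is ok; every event is visible and each scanner decides whether to scan it), as an added example that is not code from Dazuko or from any poster. All type and function names are hypothetical, the string match stands in for a real scan, and allowing access when no daemon is registered is this example's own choice.

```c
/* Added illustration; every name is hypothetical, none is Dazuko's API. */
#include <stdio.h>
#include <string.h>
#define MAX_DAEMONS 4
enum verdict { SKIP, ALLOW, DENY };      /* SKIP: daemon chose not to scan */
struct access_event { const char *path; const char *origin; };
typedef enum verdict (*daemon_fn)(const struct access_event *);
static daemon_fn daemons[MAX_DAEMONS];
static int n_daemons;

/* Scanning daemons register once and never need to know who injects events. */
int register_daemon(daemon_fn fn) {
    if (fn == NULL || n_daemons == MAX_DAEMONS) return -1;
    daemons[n_daemons++] = fn;
    return 0;
}

static int has_suffix(const char *s, const char *suf) {
    size_t ls = strlen(s), lf = strlen(suf);
    return ls >= lf && strcmp(s + ls - lf, suf) == 0;
}

/* Constructed stand-in for a real scan: flags paths containing "infected". */
static enum verdict fake_scan(const char *p) { return strstr(p, "infected") ? DENY : ALLOW; }

/* Selective daemon: sees every event but only scans .dll and .com files. */
enum verdict selective_scanner(const struct access_event *ev) {
    if (!has_suffix(ev->path, ".dll") && !has_suffix(ev->path, ".com")) return SKIP;
    return fake_scan(ev->path);
}

/* Thorough daemon: scans every file it is shown. */
enum verdict scan_all_scanner(const struct access_event *ev) { return fake_scan(ev->path); }

/* Injector entry point: 1 = access ok, 0 = denied; no daemons means allow here. */
int inject_event(const char *path, const char *origin) {
    struct access_event ev = { path, origin };
    for (int i = 0; i < n_daemons; i++)
        if (daemons[i](&ev) == DENY) return 0;
    return 1;
}

int main(void) {
    register_daemon(selective_scanner);
    printf("selective only: %d\n", inject_event("/srv/share/infected.txt", "samba"));
    register_daemon(scan_all_scanner);
    printf("both daemons:   %d\n", inject_event("/srv/share/infected.txt", "samba"));
    return 0;
}
```

The first call is allowed because the only registered daemon skips .txt files; once a scan-everything daemon is registered, the same injected event is denied.
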
Nagy Ferenc László | 24 Mar 2004 11:23

Re: On access scanning in Windows XP?

fred wu wrote:
>  One more question, where can I find more correct documentation on 
> device filter?

The official documentation is in the Installable File System (IFS) Kit: 
http://www.microsoft.com/whdc/ddk/ifskit/default.mspx
"The cost for a License and one kit is $899 + shipping and taxes."

Alternatively you can find examples of filter drivers and file system 
drivers (but not file system filter drivers) at 
http://www.acc.umu.se/~bosse/. It is even possible to write drivers with 
free tools: current Mingw release (http://www.mingw.org/) contains (most 
of) the required DDK headers.

Nagy Ferenc László
also interested
John Ogness | 24 Mar 2004 23:52

2.0.1-pre2 posted

Hi,

I have posted a new pre-release of 2.0.1. This version addresses three 
bugs that were reported:

1. "make test" for Linux 2.6 was using dazuko.o instead of dazuko.ko

2. if registration failed for Linux 2.6 (because a security module was 
already registered), the /dev/dazuko device was not unregistered

3. Linux 2.2.x and 2.4.[0-7] could not compile Dazuko because of missing 
snprintf functions in the kernel

All three of these items have been fixed. Thanks for pointing these 
problems out to me. With Dazuko expanding to so many systems, it makes 
it easier for platform-specific problems to creep in.

At CeBIT this year I met with RSBAC's Amon Ott. We went through some 
code together and I think I will be able to get Dazuko running on an 
RSBAC kernel pretty soon. This is big news for Dazuko and RSBAC!

I have also been getting a lot of feedback and patches sent to me 
lately. Please be patient if you don't see your code/ideas showing up 
right away. I take every submission and idea very seriously. Lately I 
find myself having to do a lot of "balancing work" to try and figure out 
how and when I can get these things implemented.

John Ogness

-- 
Dazuko Maintainer
John Ogness | 25 Mar 2004 15:51

Re: On access scanning in Windows XP?

fred wu wrote:
>   May I know some function of this file(dazukoio.c,
> dazuko_call.c and dazukoio_compat12.c)?

I am afraid I do not understand the question. The files you listed are under
a BSD License. You may use the code as long as the copyright and terms are
left intact. If you improve the code, your improvements would be
appreciated, but you are not required to post them.

>   One more question: is example_java
> cross-platform? Actually I have made the java file but
> I can't run it with "java Example". I have copied the
> dazuko_jni.so to /lib, /usr/lib and /usr/local/lib.
> The error is as follows:
> Exception in thread "main"
> java.lang.UnsatisfiedLinkError: no dazuko_jni in
> java.library.path
>         at java.lang.ClassLoader.loadLibrary(Unknown
> Source)
>         at java.lang.Runtime.loadLibrary0(Unknown
> Source)
>         at java.lang.System.loadLibrary(Unknown
> Source)
>         at org.dazuko.Dazuko.<init>(Dazuko.java:52)
>         at Example.main(Example.java:134)

As stated in the example_java/README file, the Makefile assumes that your
Java is installed in /usr/java. If it is not installed there, either add a
link or change the Makefile. Then you can run:

make
make install

This should copy the shared library to the correct path.

John Ogness

-- 
Dazuko Maintainer
Gregory Hinton Nietsky | 26 Mar 2004 13:14

devfs patch for linux 2.6 (2.0.1-pre2)

--- dazuko_linux26.c    Wed Mar 24 22:16:34 2004
+++ dazuko_linux26.c.greg       Fri Mar 26 12:09:41 2004
 <at>  <at>  -31,6 +31,10  <at>  <at> 
 #include <linux/dcache.h>
 #include <linux/mount.h>

+#ifdef CONFIG_DEVFS_FS
+#include <linux/devfs_fs_kernel.h>
+#endif
+
 ssize_t linux_dazuko_device_read(struct file *, char __user *, size_t, 
loff_t *);
 ssize_t linux_dazuko_device_write(struct file *, const char __user *, 
size_t, loff_t *);
 int linux_dazuko_device_open(struct inode *, struct file *);
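Review bot: the include guard at the top of this hunk is the first of three #ifdef CONFIG_DEVFS_FS blocks the patch adds to dazuko_linux26.c, and none of them says what the devfs code is for. A one-line comment here (that the driver creates its own device node when devfs is enabled) would document the dependency. Wrapping the create and remove calls in two small helpers defined next to this include would also keep the preprocessor conditionals out of the init and exit paths.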
 <at>  <at>  -605,7 +609,9  <at>  <at> 
        }

        /* initialization complete */
-
+#ifdef CONFIG_DEVFS_FS
+        devfs_mk_cdev(MKDEV(dev_major, 0), S_IFCHR | S_IRUSR | 
S_IWUSR,"%s",DEVICE_NAME);
+#endif
        return 0;
 }

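Review bot: the result of devfs_mk_cdev() is discarded in the added lines and the function goes straight on to "return 0;", so a failure to create the node is reported as a successful load with no device for the daemons to open. Check the return value and at least log the failure, or undo the earlier registration and return the error. The call also sits below the "/* initialization complete */" comment; moving it above keeps that comment true.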
 <at>  <at>  -623,6 +629,10  <at>  <at> 
                mod_unreg_security(DEVICE_NAME, &dazuko_ops);
        else
                unregister_security(&dazuko_ops);
+
+#ifdef CONFIG_DEVFS_FS
+        devfs_remove("%s",DEVICE_NAME);
+#endif

        return 0;
 }
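Review bot: devfs_remove() is added after the mod_unreg_security()/unregister_security() calls, so the device node is still present while the security hooks are being torn down. The init hunk creates the node as its last step, and removing it first here would mirror that order. The call is also made whether or not devfs_mk_cdev() succeeded at load time, since the init hunk does not record its result.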
