
Configuration parameter request



Dear Debian Kernel Team,

We are reaching out to you at the recommendation of one of your community members.

We, Kaspersky Lab, develop anti-malware security software to secure Linux File Servers.

We are reaching out to you to request that the following configuration parameters be enabled in Debian 8 and/or Debian 9:

    CONFIG_FANOTIFY=y
    CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

We are making this request on behalf of our end users and ourselves for the following reasons:

·   Our solution is based on intercepting system calls to the virtual file system, which works well, although it causes some inconvenience to end users.

·   The end user has to recompile the LKM every time a vendor releases a new kernel, and sometimes the end user has to contact our support department in order to obtain the latest version of the kernel module.

·   Also, intrusion into sys_call_table in some cases may invalidate support with some vendors. In order to improve the end user experience we have attempted to add Fanotify technology to our product, but realized that some vendors do not support it in their mainstream kernels.

·   Specifically, in Debian 7 the option CONFIG_FANOTIFY_ACCESS_PERMISSIONS is switched off in the default kernel config, which makes it impossible to block access to infected objects.

    o   Because of this, the end user can download and execute malware from the Debian file server and receive a notification only after the computer is already infected.

    o   In order for us to stay away from intercepting system calls and operate only in user space, we need all Linux vendors to enable both options in their kernels:

        -   CONFIG_FANOTIFY=y

        -   CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

·   We have entered a request for this change in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690737

·   At this time other Linux vendors (Red Hat starting with v.7, Ubuntu starting with v.14.04.4) have included this option (FANOTIFY_ACCESS_PERMISSIONS) in their distributions.

In the next versions of our products we are going to support the fanotify technology for the OSs listed above, thus ensuring a higher level of protection for users of these operating systems.

 

Not having the same functionality across all Linux vendors increases the delivery time of protection updates and lowers the level of protection of Debian users.

If you need more information, have any concerns, or need help from our developers and testers, please let us know.

It is very important for us, and I am sure for you, that our joint customers feel confident that they are using the best, secure solution for their environment.

Thank you in advance for your support in this request.

Please let us know what we can expect and if you would like to discuss further.

Kind Regards

Linda

 

Linda Arens | Director, Technology Alliances | Kaspersky Lab

Direct: +1 650-726-7539 | M: 650-888-0533 | Linda.Arens@kaspersky.com

www.securelist.com    www.kaspersky.com
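
A runtime check for the two options the message asks for, as an added example that is not part of the original message or of any Kaspersky or Debian code: it asks the running kernel for a FAN_OPEN_PERM mark, the permission event that lets a user-space scanner reply FAN_ALLOW or FAN_DENY before an open completes. The names `support`, `classify` and `probe` are hypothetical, reading EINVAL as "permission events compiled out" is an assumption based on the fanotify man pages, and the probe needs CAP_SYS_ADMIN.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/fanotify.h>
#include <unistd.h>

enum support { SUP_NONE, SUP_NOTIFY_ONLY, SUP_BLOCKING, SUP_UNKNOWN };

/* Map the errno of fanotify_init() and of a FAN_OPEN_PERM mark request
 * (0 = call succeeded) to what an on-access scanner can do on this kernel. */
enum support classify(int init_errno, int mark_errno)
{
    if (init_errno == ENOSYS) return SUP_NONE;      /* no CONFIG_FANOTIFY */
    if (init_errno != 0)      return SUP_UNKNOWN;   /* e.g. EPERM: not privileged */
    if (mark_errno == 0)      return SUP_BLOCKING;  /* permission events accepted */
    /* Assumption: EINVAL for an otherwise valid FAN_OPEN_PERM mark means
     * CONFIG_FANOTIFY_ACCESS_PERMISSIONS is off; events arrive after the fact. */
    if (mark_errno == EINVAL) return SUP_NOTIFY_ONLY;
    return SUP_UNKNOWN;
}

/* Ask the running kernel for a permission mark on one file. Needs CAP_SYS_ADMIN. */
enum support probe(const char *path)
{
    /* FAN_CLASS_CONTENT is the class a content scanner uses for permission events. */
    int fan = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY);
    if (fan < 0)
        return classify(errno, 0);
    int rc = fanotify_mark(fan, FAN_MARK_ADD, FAN_OPEN_PERM, AT_FDCWD, path);
    int mark_errno = rc < 0 ? errno : 0;
    close(fan);  /* closing the group drops the mark again */
    return classify(0, mark_errno);
}

int main(void)
{
    static const char *msg[] = {
        "fanotify unavailable", "notification only, cannot block opens",
        "permission events available, opens can be denied", "undetermined (run as root?)" };
    char tmp[] = "/tmp/fanprobeXXXXXX";  /* scratch file so no real path is gated */
    int fd = mkstemp(tmp);
    if (fd < 0) { perror("mkstemp"); return 2; }
    enum support s = probe(tmp);
    close(fd); unlink(tmp);
    puts(msg[s]);
    return s == SUP_BLOCKING ? 0 : 1;
}
```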

 

