[systemd-devel] Creating executable device nodes in /dev?

Andy Lutomirski luto at kernel.org
Wed Dec 9 19:32:47 UTC 2020


On Wed, Dec 9, 2020 at 11:22 AM Topi Miettinen <toiwoton at gmail.com> wrote:
>
> On 9.12.2020 17.14, Andy Lutomirski wrote:
> >

> Maybe also malware which can escape all means of detection, enforced by
> the CPU? Though I don't know if any malware scanners for Linux can
> check for fileless, memory-only malware.

I don't think this is really relevant to malware detection.  You can't
do syscalls from SGX code, for example, and, even if you could,
malware behavior analysis would be unaffected.  The concern seems to
be more that, once someone has discovered some malware, if it's
protected by SGX then it's plausible that you can't disassemble it.

>
> >
> > In Intel’s original vision, only specially licensed vendors could create SGX software, but Linux pushed back against this quite hard, and new CPUs allow unlicensed enclaves. So your Skylake CPUs support SGX, but not on Linux.
>
> Kudos to Linux for the push.

:)

I don't know if Linux gets full credit for this, but I think we at
least had some impact.

