Dear Debian Kernel Team,

We are reaching out to you at the recommendation of
one of your community members.

We, Kaspersky Lab, develop anti-malware security software to secure Linux File
Servers.

We are reaching out to you to request that the following configuration
parameters be enabled in Debian 8 and/or Debian 9:
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

We are making this request on behalf of our end users and ourselves for the following
reasons:
* Our solution is based on intercepting system calls to the virtual
  file system, which works well, although it causes some inconvenience to end users.
* The end user has to recompile the LKM every time a vendor releases a new
  kernel, and sometimes the end user has to contact our support department in
  order to obtain the latest version of the kernel module.
* Also, intrusion into sys_call_table may in some cases invalidate support
  with some vendors. In order to improve the end user experience we have attempted to
  add Fanotify technology to our product, but realized that some vendors do not
  support it in their mainstream kernels.
* Specifically, in Debian 7 the option CONFIG_FANOTIFY_ACCESS_PERMISSIONS is
  switched off in the default kernel config, which makes it impossible to block
  access to infected objects.
  o Because of this, the end user can download and execute malware from the
    Debian file server and receive a notification only after the computer is
    already infected.
  o In order for us to stay away from intercepting system calls and to operate
    only in user space, we need all Linux vendors to enable both options in
    their kernels:
    - CONFIG_FANOTIFY=y
    - CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
* We have entered a request for this change in
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690737
* At this time other Linux vendors (RedHat starting with v.7, Ubuntu
  starting with v.14.04.4) have included this option (FANOTIFY_ACCESS_PERMISSION)
  in their distributions.

In the next versions of our products we are going to support the fanotify
technology for the OSs listed above, thus ensuring a higher level of protection
for users of these operating systems.

Not having the same functionality across all Linux vendors increases the
delivery time of protection updates and lowers the level of protection of
Debian users.

If you need more information, have any concerns, or need help from our
developers and testers, please let us know.

It is very important for us, and I am sure for you, that our joint customers feel
confident that they are using the best, secure solution for their environment.

Thank you in advance for your support in this request.
Please let us know what we can expect and if you would like to discuss further.

Kind Regards
Linda
Linda Arens | Director, Technology Alliances | Kaspersky Lab
Direct: +1 650-726-7539 | M: 650-888-0533 |
[email protected]
www.securelist.com
www.kaspersky.com
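
A check for the two options named in the message, as an added example that is not part of the original e-mail or of Kaspersky's product: it classifies a kernel build config by whether fanotify can block access, only notify, or is absent. The function names, the config file locations and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel build config by what an on-access
# scanner can do with fanotify on that kernel.

# Value of one bool CONFIG_ symbol read from stdin: "y", or "n" if unset/absent.
config_value() {   # $1 = symbol name
    awk -v sym="$1" '
        $0 == ("# " sym " is not set") { v = "n" }
        index($0, sym "=") == 1        { v = substr($0, length(sym) + 2) }
        END { print (v == "" ? "n" : v) }'
}

# Read a config on stdin; print blocking | notify-only | unavailable.
fanotify_mode() {
    cfg_text=$(cat)
    base=$(printf '%s\n' "$cfg_text" | config_value CONFIG_FANOTIFY)
    perm=$(printf '%s\n' "$cfg_text" | config_value CONFIG_FANOTIFY_ACCESS_PERMISSIONS)
    if [ "$base" != y ]; then
        echo unavailable      # no fanotify at all
    elif [ "$perm" = y ]; then
        echo blocking         # permission events: an open can be denied
    else
        echo notify-only      # events only; access cannot be denied
    fi
}

# Print the running kernel's config, if readable (paths are the usual
# locations, assumed here; /proc/config.gz needs CONFIG_IKCONFIG_PROC).
running_kernel_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    else
        return 1
    fi
}

# Constructed sample matching the Debian 7 default described in the message.
sample_debian7() {
    printf '%s\n' 'CONFIG_FANOTIFY=y' \
        '# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set'
}

echo "sample (constructed): $(sample_debian7 | fanotify_mode)"
if running=$(running_kernel_config); then
    echo "running kernel: $(printf '%s\n' "$running" | fanotify_mode)"
else
    echo "running kernel: config not readable"
fi
```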