RE: [Full-Disclosure] EFC Released
From: Rainer Gerhards (rgerhards_at_hq.adiscon.com)
To: <firstname.lastname@example.org>, <email@example.com>
Date: Thu, 4 Mar 2004 15:12:10 +0100
There has already been a lot of discussion on this concept on this list
(see archives). A major shortcoming of this concept is that some program
code may only very seldom be executed (error/exception handlers). As
such, a program may be killed just because it is gracefully handling an
> -----Original Message-----
> From: Timothy Demulder [mailto:firstname.lastname@example.org]
> Sent: Thursday, March 04, 2004 9:45 AM
> To: email@example.com
> Subject: Re: [Full-Disclosure] EFC Released
> On Thu, 04 Mar 2004 11:17:20 +0530
> Balwinder Singh <firstname.lastname@example.org> wrote:
> > Dear All,
> > Execution Flow Control (EFC) is available for download at
> > http://sourceforge.net/projects/efc/
> > What is EFC?
> > EFC monitors the execution of a program by observing system calls made
> > by the program. EFC generates a database for each program
> > its behavioral model. The moment request for execution of a program is
> > made, kernel also loads program's behavioral model into the memory.
> > Each request by a program is compared with model data base, if request
> > agrees with model it is permitted else program is killed.
> > EFC is a kernel module, and works on Linux only.
> > Sincerely
> > Bal
> Seems very interesting, but how does it affect
> performance/stability of the system/kernel?
> Absolutely nothing should be concluded from these figures except that
> no conclusion can be drawn from them.
> -- Joseph L. Brothers, Linux/PowerPC Project)
Full-Disclosure - We believe in it.
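
Added example, not part of the thread and not EFC's code: a sketch of the false-positive problem raised in the reply about rarely executed error handlers. It assumes the behavioral model is a set of consecutive system-call pairs learned from observed runs; the traces, the program they describe and all function names are constructed for illustration.

```python
from typing import Iterable, List, Optional, Sequence, Set, Tuple

Transition = Tuple[str, str]
START = "<start>"  # pseudo-call marking the beginning of a trace


def learn_model(traces: Iterable[Sequence[str]]) -> Set[Transition]:
    """Build the allowed set of (previous call, next call) pairs from training runs."""
    model: Set[Transition] = set()
    for trace in traces:
        prev = START
        for call in trace:
            model.add((prev, call))
            prev = call
    return model


def enforce(model: Set[Transition], trace: Sequence[str]) -> Optional[int]:
    """Return the index of the first call the model rejects (the kill point), or None."""
    prev = START
    for i, call in enumerate(trace):
        if (prev, call) not in model:
            return i
        prev = call
    return None


def unseen_transitions(model: Set[Transition], trace: Sequence[str]) -> List[Transition]:
    """List every pair in a legitimate trace that training never covered."""
    pairs = set(zip([START, *trace[:-1]], trace))
    return sorted(pairs - model)


# Constructed training runs of a hypothetical log writer: only the success path.
TRAINING = [
    ["open", "write", "close", "exit_group"],
    ["open", "write", "write", "close", "exit_group"],
]
# Constructed legitimate run: write fails (disk full), the handler removes the
# partial file and exits cleanly. No attack is involved.
DISK_FULL = ["open", "write", "unlink", "close", "exit_group"]

MODEL = learn_model(TRAINING)

if __name__ == "__main__":
    print("kill point on error path:", enforce(MODEL, DISK_FULL))
    print("coverage gap:", unseen_transitions(MODEL, DISK_FULL))
    retrained = learn_model(TRAINING + [DISK_FULL])
    print("after training on error path:", enforce(retrained, DISK_FULL))
```

The gap list is what a deployment would review before switching from learning to enforcement: any pair that appears only in error handling must be exercised during training, or the handler itself triggers the kill.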