On Mon, 23 Apr 2001 22:51:58 PDT, Seth Arnold <sarnoldat_private> said: > Then the library/program should pay attention to the error stored in > errno. If the connect() etc fails from lack of permission, the EPERM > stored in errno ought to let it know that it didn't have permission. If Actually, that wasn't for the library/program, it was a callback to the LSM saying "you said it was OK, but it died for other reasons later"... > the connect() etc fails from lack of other endpoint, the ENOROUTE (yes, > laugh at me for not knowing the errno returned :) ought to let the > process/LSM know that it didn't have an endpoint. The process gets the ENOROUTE - the LSM *doesnt* unless you have the callback hook - that was the point there.. > security through obscurity trick. Second, a module is entirely free to > have a function hook in connect() similar to this: > > static int connect_try = 0; > int mediate_connect_hook(<args go here>) > { > if (++connect_try > 10) > return ENOPERM; > return 0; > } > > int mediate_close_hook(<args go here>) > { > if (--connect_try < 0) > return ESMARTASS; > return 0; > } Note that you have a ++ leak on failed connect() calls, because the program has an open socket, and can call connect() multiple times till it works, without calling close() in between.... > Of course, a real module would go to the trouble of allowing close() > only once on open()ed sockets. Some sort of table of nonces would make a > great deal of sense here. > Third, I don't see how the error status of "host up/down" versus > "permitted to make this connection" helps locate scanning attempts or > other bad things. Hey, it was a 1AM example ;) > I don't see why a customized error message is required for this case. Oh - no error message is needed here - this was "feed info back to the LSM". > I realize that lack of easy examples is not proof that the functionality > of a second specialized error return value isn't needed. But, remember > LSM's charter is to be fast, lightweight, and not screw with things too > badly. Forcing two error returns for all syscalls seems to fall under > the "screws with things" category, at least from my vantage point. No, this one isn't 2 error returns - this one is "tell the LSM what the errno you handed to the user was"... /Valdis
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 07:18:24 PDT