From: Chris Wright (chrisat_private)
Date: Tue May 15 2001 - 15:50:23 PDT

    * Chris Evans (chrisat_private) wrote:
    > > The current scheme is to control access to the kernel's core data
    > > structures.  Some of this requires hooks in syscalls, other places this
    > > does not (the whole networking hook system will not be near the single
    > > network syscall, from what I think Chris W. has in mind.)
    > I think the most important "object" to hook in the networking land is the
    > "network interface". Quick cheesy example:
    > - eth0: labelled as low security
    > - slip0: labelled as high security
    > /etc/very/secret: labelled as sensitive, high security
    > process pid 100: has /etc/very/secret open, marked as sensitive
    > process pid 100 does socket()
    > process pid 100 tries to bind to IP address owned by eth0 => EPERM!!
    I agree the device is one piece that we need to watch, but I'm not sure that
    it is the most important.  Look at packet filter firewall rules, they are
    largely about complete tuples not just devices.  In your example, eth0 may
    need finer granularity than low security.  Perhaps it is fine to talk out
    eth0 to on port 22 using tcp even if I have
    /etc/very/secret open.  I'd like to be able to support tcp connect/accept
    and udp send/recv to/from host:port via device (howz that for non-sense? ;-)
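
A user-space model of the two policy styles discussed above, as an added illustration that is not code from this thread or from the LSM project: `iface_only_check` implements the interface-label rule from the quoted example (a process holding a sensitive file may only use a device labelled at least as high), while `tuple_check` adds the finer granularity asked for in the reply by allowing an explicit (device, protocol, port) tuple even when the device alone would be refused. The labels, the tuple rule for tcp/22 over eth0, and the two tasks are constructed for the example; unknown devices are refused so the check fails closed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed labels: LOW for eth0, HIGH for slip0, as in the quoted example. */
enum level { LOW = 0, HIGH = 1 };
enum proto { PROTO_TCP = 6, PROTO_UDP = 17 };

struct iface { const char *name; enum level level; };
struct task  { int pid; enum level level; };

static const struct iface ifaces[] = {
    { "eth0",  LOW  },
    { "slip0", HIGH },
};

/* Finer-grained exceptions: full tuples a HIGH (sensitive) task may use even
 * though the device itself is LOW. Constructed rule: tcp/22 out over eth0. */
struct tuple_rule { const char *dev; enum proto proto; int port; };
static const struct tuple_rule sensitive_allow[] = {
    { "eth0", PROTO_TCP, 22 },
};

/* Constructed tasks: pid 100 has /etc/very/secret open and is marked HIGH;
 * pid 200 holds nothing sensitive and is LOW. */
const struct task sensitive_task    = { 100, HIGH };
const struct task unclassified_task = { 200, LOW  };

/* Label of a device, or -1 if the device is unknown (callers fail closed). */
static int iface_level(const char *dev)
{
    size_t i;
    for (i = 0; i < sizeof ifaces / sizeof ifaces[0]; i++)
        if (strcmp(ifaces[i].name, dev) == 0)
            return (int)ifaces[i].level;
    return -1;
}

/* Interface-only policy: allow (0) only if the device is labelled at least as
 * high as the task, otherwise deny with -EPERM. */
int iface_only_check(const struct task *t, const char *dev)
{
    int lvl = iface_level(dev);
    if (lvl < 0)
        return -EPERM;
    return (int)t->level <= lvl ? 0 : -EPERM;
}

/* Tuple policy: same device rule first; a task the device rule refuses is
 * still allowed if the exact (device, proto, port) tuple is listed. */
int tuple_check(const struct task *t, const char *dev, enum proto proto, int port)
{
    size_t i;
    if (iface_level(dev) < 0)
        return -EPERM;              /* unknown device: fail closed */
    if (iface_only_check(t, dev) == 0)
        return 0;
    for (i = 0; i < sizeof sensitive_allow / sizeof sensitive_allow[0]; i++) {
        const struct tuple_rule *r = &sensitive_allow[i];
        if (strcmp(r->dev, dev) == 0 && r->proto == proto && r->port == port)
            return 0;
    }
    return -EPERM;
}

int main(void)
{
    /* 0 means allowed, -1 (-EPERM) means refused. */
    printf("pid %d, any use of eth0 (device rule only): %d\n",
           sensitive_task.pid, iface_only_check(&sensitive_task, "eth0"));
    printf("pid %d, tcp/22 via eth0 (tuple rule):       %d\n",
           sensitive_task.pid, tuple_check(&sensitive_task, "eth0", PROTO_TCP, 22));
    printf("pid %d, tcp/80 via eth0 (tuple rule):       %d\n",
           sensitive_task.pid, tuple_check(&sensitive_task, "eth0", PROTO_TCP, 80));
    return 0;
}
```

The device-only rule refuses the sensitive process every use of eth0; the tuple rule lets it reach tcp/22 over eth0 while still refusing tcp/80 and udp/22, which is the distinction the reply draws between labelling interfaces and matching complete tuples.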
