* Chris Evans (chrisat_private) wrote:
> > > The current scheme is to control access to the kernel's core data
> > > structures. Some of this requires hooks in syscalls, other places this
> > > does not (the whole networking hook system will not be near the single
> > > network syscall, from what I think Chris W. has in mind.)
>
> I think the most important "object" to hook in the networking land is the
> "network interface". Quick cheesy example:
> - eth0: labelled as low security
> - slip0: labelled as high security
> /etc/very/secret: labelled as sensitive, high security
> process pid 100: has /etc/very/secret open, marked as sensitive
> process pid 100 does socket()
> process pid 100 tries to bind to IP address owned by eth0 => EPERM!!

I agree the device is one piece that we need to watch, but I'm not sure that
it is the most important. Look at packet filter firewall rules, they are
largely about complete tuples not just devices. In your example, eth0 may
need finer granularity than low security. Perhaps it is fine to talk out eth0
to mysercurehost.com on port 22 using tcp even if I have /etc/very/secret
open. I'd like to be able to support tcp connect/accept and udp send/recv
to/from host:port via device (howz that for non-sense? ;-)

-chris

_______________________________________________
linux-security-module mailing list
linux-security-moduleat_private
http://mail.wirex.com/mailman/listinfo/linux-security-module
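A user-space model of the tuple-based check argued for in the reply above (device label plus host:port, protocol and operation), as an added example that is not code from the thread or from the LSM project. The interface labels, the process "sensitive" taint flag, the single allow rule and the 192.0.2.10 stand-in for mysercurehost.com are all constructed assumptions.

```c
#include <errno.h>
#include <string.h>

/* Labels and operations for the check; values are illustrative, not kernel ones. */
enum label { LABEL_LOW, LABEL_HIGH };
enum op    { OP_BIND, OP_CONNECT, OP_ACCEPT, OP_SEND, OP_RECV };
enum proto { PROTO_ANY = 0, PROTO_TCP = 6, PROTO_UDP = 17 };

struct netdev { const char *name; enum label level; };
/* An allow rule is a full tuple; NULL host, port 0 and PROTO_ANY are wildcards. */
struct rule   { const char *dev; const char *host; int port; enum proto proto; enum op op; };

/* Constructed interface labels, as in the quoted example. */
static const struct netdev devs[] = { { "eth0", LABEL_LOW }, { "slip0", LABEL_HIGH } };

/* Constructed exception: ssh from a sensitive process out via eth0 to one host.
 * 192.0.2.10 (RFC 5737 documentation range) stands in for mysercurehost.com. */
static const struct rule allow[] = {
    { "eth0", "192.0.2.10", 22, PROTO_TCP, OP_CONNECT },
};

/* Unknown interfaces are treated as low security (fail closed). */
static enum label dev_level(const char *dev)
{
    for (size_t i = 0; i < sizeof devs / sizeof devs[0]; i++)
        if (strcmp(devs[i].name, dev) == 0)
            return devs[i].level;
    return LABEL_LOW;
}

static int rule_matches(const struct rule *r, enum op op, const char *dev,
                        const char *host, int port, enum proto proto)
{
    if (r->op != op || strcmp(r->dev, dev) != 0) return 0;
    if (r->host && (!host || strcmp(r->host, host) != 0)) return 0;
    if (r->port != 0 && r->port != port) return 0;
    if (r->proto != PROTO_ANY && r->proto != proto) return 0;
    return 1;
}

/* Hook-style decision: 0 allows, -EPERM denies. proc_sensitive is the
 * process taint the thread describes (it has /etc/very/secret open). */
int net_access_check(int proc_sensitive, enum op op, const char *dev,
                     const char *host, int port, enum proto proto)
{
    if (!proc_sensitive) return 0;              /* untainted: no restriction */
    if (dev_level(dev) == LABEL_HIGH) return 0; /* high-security interface */
    for (size_t i = 0; i < sizeof allow / sizeof allow[0]; i++)
        if (rule_matches(&allow[i], op, dev, host, port, proto))
            return 0;                           /* explicit tuple exception */
    return -EPERM;                              /* low-security device, no match */
}
```

The bind from the quoted pid-100 scenario is refused, while the port-22 connect the reply wants to permit is matched by the allow tuple and passes; everything else on eth0 from a tainted process stays denied.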
This archive was generated by hypermail 2b30 : Tue May 15 2001 - 15:52:31 PDT