Re: Security through Permissiveness: A Zen Riddle?

From: Chris Wright (chrisat_private)
Date: Wed Jul 18 2001 - 09:00:27 PDT

  • Next message: Greg KH: "Re: TODO list"

    * Shane Kerr (shane@time-travellers.org) wrote:
    > <offtopic level="slight">
    > 
    > This seems like implementation to me - as long as the hooks are there an
    > LSM can do what it wishes.  If the hooks work like:
    > 
    >   if ((port < 1024) && biguglyprocess_struct->uid) {
    >       return EPERM;
    >   }
    >   if (fancykernelhook->lsm->bindhook) {
    >       ret = (fancykernelhook->lsm->bindhook)(port);
    >       if (ret) return ret;
    >   }
    > 
    > Then no LSM can ever implement a policy to allow non-root users to bind
    > low ports.
    
    to be clear:  the code looks like:
     if (snum && snum < PROT_SOCK && !capable(CAP_NET_BIND_SERVICE))
        return -EACCESS;
    
    and we hook in capable...so there is an override mechanism.  yes, you
    can make a module that allows any user to bind to protected ports.
    
    -chris
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Wed Jul 18 2001 - 09:03:24 PDT