Something escaped my first pass. Note that two of these hooks have parameters that are user-space variables - accept and setsockopt. In the first case, accept, they should be removed. In the second case, setsockopt, it's not clear whether an LSM module would care precisely what value is being set. It would need to be copied into kernel memory and the possibly of a race condition exists. Perhaps removing these paramters would be the safest thing to do. chris. On Fri, 20 Jul 2001, Chris Vance wrote: > Attached is a patch for review. It contains hooks to implement > socket-level security checks. The patch was generated from our cvs > repository, but should apply cleanly against the July 6 LSM tree (2.4.6 > kernel). > > This patch makes no attempts to secure skbuffs or network devices. We are > still working towards an implementation that is most likely to be accepted > by the kernel folks. To that end, we are going to see what we can do with > the netfilter code rather than directly modifying the ip input/ouput > routines or modifying the sk_buff structure (which apparently would be > difficult to gain approval for). If anyone has any relevant insight, I > would welcome it. > > What it does do is provide hooks for: > create & post_create bind > connect listen > accept sendmsg > recvmsg getsockname > getpeername getsockopt > setsockopt shutdown > > In the cases of connect and accept, SELinux is likely to need something > more than the hooks provided here. I'm still looking into the best way to > do what we need. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 13:11:38 PDT