On Fri, 5 Oct 2001, Seth Arnold wrote:

> I have no idea about progress on this front -- I don't know much about
> the Linux networking code. I know I would appreciate it if someone could
> assure me that the information available in the networking hooks allows
> for dropping packets, mangling packets?,

Yes, for IPv4 networking, we're hooked into Netfilter, which allows us to
quite flexibly intercept, mangle and drop packets. There are also some
non-Netfilter IPv4 hooks for dealing with fragmentation, IP options and
tunneling.

> modifying the security state of
> processes, based on rules including task information, interface,
> addresses used, etc...

This is possible. The current SELinux prototype is an example of how the
combined use of LSM hooks and security blobs (e.g. netdev, skb, inode,
task) may be used to implement MAC permission checks at every layer of the
stack.

- James
--
James Morris <jmorrisat_private>