Re: Any assured channel work for Linux

From: Russell Coker (russellat_private)
Date: Mon Sep 16 2002 - 14:19:12 PDT


    On Mon, 16 Sep 2002 17:08, Tim Bird wrote:
    > I've looked around at various projects, but don't see
    > anything that directly addresses intra-machine
    > assured channel IPCs.  I know that the MAC capabilities
    > provided by LSM let me constrain access to things like
    > /dev/mem, and to operations performed on pipes and sockets.
    > But would LSM hooks allow one process to
    > authenticate another process at the other end of a
    > standard IPC like a pipe or a shared memory segment?
    
    SE Linux (which is based on LSM) restricts access to shared memory regions, 
    unix domain sockets, pipes, etc.  In SE Linux there are system calls to 
    determine who is connecting to you by a Unix domain socket and work is in 
    progress on extending the same functionality to TCP sockets over the network.
    
    It seems that SE Linux does everything you want.
    
    Or am I misunderstanding your question?
    
    -- 
    I do not get viruses because I do not use MS software.
    If you use Outlook then please do not put my email address in your
    address-book so that WHEN you get a virus it won't use my address in the
    From field.
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    


