* Tim Bird (timat_private) wrote: > Please pardon this slightly off-topic question. > > Does anyone know of any assured channel work going on > for Linux? > > I've looked around at various projects, but don't see > anything that directly addresses intra-machine > assured channel IPCs. I know that the MAC capabilities > provided by LSM let me constrain access to things like > /dev/mem, and to operations performed on pipes sockets. > But would LSM hooks allow one process to > authenticate another process at the other end of a > standard IPC like a pipe or a shared memory segment? Yes. For example, LSM hooks allow you to associcate credentials and check them during shmget(2)/shmat(2). As Russell mentioned SELinux implements these checks already. cheers, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Sep 17 2002 - 12:09:51 PDT