Re: Any assured channel work for Linux

From: Chris Wright (chrisat_private)
Date: Tue Sep 17 2002 - 12:02:39 PDT

  • Next message: Chris Wright: "[ANNOUNCE] 2.5.35-lsm1"

    * Tim Bird (timat_private) wrote:
    > Please pardon this slightly off-topic question.
    > 
    > Does anyone know of any assured channel work going on
    > for Linux?
    > 
    > I've looked around at various projects, but don't see
    > anything that directly addresses intra-machine
    > assured channel IPCs.  I know that the MAC capabilities
    > provided by LSM let me constrain access to things like
    > /dev/mem, and to operations performed on pipes sockets.
    > But would LSM hooks allow one process to
    > authenticate another process at the other end of a
    > standard IPC like a pipe or a shared memory segment?
    
    Yes.  For example, LSM hooks allow you to associcate credentials and
    check them during shmget(2)/shmat(2).  As Russell mentioned SELinux
    implements these checks already.
    
    cheers,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Tue Sep 17 2002 - 12:09:51 PDT