Re: [PATCH] accessfs v0.6 ported to 2.5.35-lsm1 - 1/2

From: Olaf Dietsche (olaf.dietsche--list.linux-security-moduleat_private)
Date: Mon Sep 30 2002 - 07:40:41 PDT

  • Next message: Alan Cox: "Re: [RFC] LSM changes for 2.5.38"

    Stephen Smalley <sdsat_private> writes:
    
    > On Sun, 29 Sep 2002, Olaf Dietsche wrote:
    >
    >> AFAICS, it looks like you can make _additional_ checks only. You still
    >> have to grant CAP_NET_BIND_SERVICE for binding to ports below PROT_SOCK.
    >> So, this doesn't look like a viable solution for me.
    >
    > You can grant CAP_NET_BIND_SERVICE to all processes via the capable()
    > hook, and then use the socket_bind() hook to control access
    > authoritatively to ports.  It is true that SELinux only uses socket_bind
    > restrictively (to impose an additional domain-based control on port
    > binding), but you should be able to use it authoritatively as described
    > above.
    
    Of course, I can do that. I could even be more selective and do
    setcap() for those processes, which were permitted to access the
    restricted ports.
    
    But, as I wrote in my other mail, that opens access to other net
    protocols, which is not what I want. All things considered, when I use
    other protocols besides TCP/IP, this would make my system less secure
    than before.
    
    Anyway, maybe it looks like I'm nit-picking here, but I just wanted to
    make clear, why I suggested this hook. Thanks for listening.
    
    Regards, Olaf.
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 07:41:21 PDT