linux-security-module April 2007 archive

Re: [ANNOUNCE] UidBind LSM 0.2

From: Casey Schaufler <casey_at_nospam>
Date: Mon Apr 30 2007 - 03:39:49 GMT
To: Tetsuo Handa <from-lsm@I-love.SAKURA.ne.jp>, linux-security-module@vger.kernel.org

Tetsuo Handa <from-lsm@I-love.SAKURA.ne.jp> wrote:

> Casey Schaufler wrote:
> > Putting access control on ports rather than sockets is a novel
> > approach. It is a lot simpler underneath and more consistent with
> > the way other object name spaces are treated.
> I prefer Novell's approach. It is easy, like using iptables.

I prefer the file system name space approach to the router command line interface approach. I like using the same utilities (e.g. ls) to examine the variety of objects at my disposal.

> In TOMOYO Linux, I do it in the following way.
>
> allow_network TCP bind 192.168.1.17 8081 if task.uid=1017
> allow_network UDP bind 192.168.1.17 8081 if task.uid=1017
> allow_network TCP bind 192.168.1.26 8081 if task.uid=1026
> allow_network UDP bind 192.168.1.26 8081 if task.uid=1026
>
> I wish LSM had post-accept() and post-recvmsg() hooks.
> Don't you think it would be nice if the administrator could limit
> clients' IP addresses and ports (even if tcp-wrappers
> was bypassed due to a buffer overflow)?

Not particularly. I don't care much for putting policy in the hands of an overworked and underappreciated kid whose job description makes enforcing good security a shortcut to the layoff list. Better the underlying system should take the blame.

Casey Schaufler
casey@schaufler-ca.com
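The TOMOYO-style rules quoted in the message above amount to a default-deny table keyed on (protocol, address, port, uid). What follows is an added example written for this archive page, not TOMOYO's own parser and not code from either poster: a small user-space C evaluator that parses the four quoted lines (embedded here as a constructed string) and answers whether a given bind() would be allowed. The function names load_policy and check_bind, the fixed-size rule table and the exact-match semantics are assumptions made for illustration; real TOMOYO matching (address ranges, port ranges, other conditions) is not modelled.

```c
/* Added illustration for the thread: a user-space evaluator for
 * "allow_network <TCP|UDP> bind <ipv4> <port> if task.uid=<uid>" lines.
 * Not TOMOYO's code; exact-match, default-deny semantics are assumed. */
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define MAX_RULES 16

struct rule {
    int proto;          /* IPPROTO_TCP or IPPROTO_UDP */
    uint32_t addr;      /* IPv4 address, network byte order */
    uint16_t port;      /* host byte order */
    unsigned int uid;   /* task.uid the rule applies to */
};

static struct rule rules[MAX_RULES];
static int nrules;

/* Parse one policy line into *r. Returns 1 on success, 0 if the line is
 * not a well-formed bind rule (unknown protocol, bad address, bad port). */
static int parse_rule(const char *line, struct rule *r)
{
    char proto[8], op[16], addr[64];
    unsigned int port, uid;
    struct in_addr in;

    if (sscanf(line, "allow_network %7s %15s %63s %u if task.uid=%u",
               proto, op, addr, &port, &uid) != 5)
        return 0;
    if (strcmp(op, "bind") != 0 || port > 65535)
        return 0;
    if (strcmp(proto, "TCP") == 0)
        r->proto = IPPROTO_TCP;
    else if (strcmp(proto, "UDP") == 0)
        r->proto = IPPROTO_UDP;
    else
        return 0;
    if (inet_pton(AF_INET, addr, &in) != 1)
        return 0;
    r->addr = in.s_addr;
    r->port = (uint16_t)port;
    r->uid = uid;
    return 1;
}

/* Load newline-separated policy text; malformed lines are skipped.
 * Returns the number of rules accepted. */
int load_policy(const char *text)
{
    char copy[2048];
    char *line;

    nrules = 0;
    snprintf(copy, sizeof copy, "%s", text);
    for (line = strtok(copy, "\n"); line; line = strtok(NULL, "\n")) {
        if (nrules >= MAX_RULES)
            break;
        if (parse_rule(line, &rules[nrules]))
            nrules++;
    }
    return nrules;
}

/* Default deny: the bind is allowed only if some rule matches exactly. */
int check_bind(int proto, const char *ip, uint16_t port, unsigned int uid)
{
    struct in_addr in;
    int i;

    if (inet_pton(AF_INET, ip, &in) != 1)
        return 0;
    for (i = 0; i < nrules; i++) {
        const struct rule *r = &rules[i];
        if (r->proto == proto && r->addr == in.s_addr &&
            r->port == port && r->uid == uid)
            return 1;
    }
    return 0;
}

/* Constructed input: the four rules quoted in the thread. */
static const char *policy =
    "allow_network TCP bind 192.168.1.17 8081 if task.uid=1017\n"
    "allow_network UDP bind 192.168.1.17 8081 if task.uid=1017\n"
    "allow_network TCP bind 192.168.1.26 8081 if task.uid=1026\n"
    "allow_network UDP bind 192.168.1.26 8081 if task.uid=1026\n";

int main(void)
{
    printf("%d rules loaded\n", load_policy(policy));
    printf("uid 1017 TCP bind 192.168.1.17:8081 -> %s\n",
           check_bind(IPPROTO_TCP, "192.168.1.17", 8081, 1017) ? "allow" : "deny");
    printf("uid 1017 TCP bind 192.168.1.26:8081 -> %s\n",
           check_bind(IPPROTO_TCP, "192.168.1.26", 8081, 1017) ? "allow" : "deny");
    return 0;
}
```

The second query in main is the case the rules are meant to prevent: uid 1017 may bind 8081 on its own address but not on the address reserved for uid 1026. Because the evaluator is default-deny, a port or address with no rule at all is also refused, which is the property a bind-time hook has to guarantee regardless of whether it is expressed per socket or per port.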