| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Jul 2007 13:11:37 +0900 From: Tetsuo Handa <from-netdev@...ove.sakura.ne.jp> To: James Morris <jmorris@...ei.org> Cc: netdev@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [RFC] Allow LSM to use IP address/port number. Thank you for your comment. I have a question regarding netfilter infrastructure. I want to filter messages using "task_struct->security". Can the netfilter's queuing to userspace feature get a list of "struct task_struct" who shares a socket that is going to receive incoming messages? My approach is not "is this socket allowed to receive from xxx.xxx.xxx.xxx port yy" but "is this process allowed to receive from xxx.xxx.xxx.xxx port yy". So, my approach is not using security context associated with a socket but security context associated with a process. If I can't use netfilter, there is no chance to filter before enqueuing messages. So, I think propagating errors to the local user after dequeuing messages is the only possible way. Regards. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists