| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Jan 2009 22:34:54 -0500 From: Michael Stone <michael@...top.org> To: James Morris <jmorris@...ei.org> Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [PATCH] Security: Implement and document RLIMIT_NETWORK. On Thu, Jan 08, 2009 at 12:22:17PM +1100, James Morris wrote: >Have you considered utilizing network namespaces [1] ? A process created >with a private network namespace has no network interfaces configured, >except loopback, which is down. Does this do what you want? The launcher >could optionally allow local IP by bringing up the loopback interface. James, This net-namespaces work sounds quite apropos to some of my other projects but I'm having trouble figuring out whether it can be used to solve my current problem. Two questions which immediately occur to me include: 1) As with the netfilter suggestions provided by Andi and Evgeniy, it seems that processes require special privileges (e.g. CAP_NET_ADMIN) in order to drop network privileges by means of entering a new net namespace. Is this correct? If so, why is it necessary or appropriate? 2) What happens if I call unshare(CLONE_NEWNET) after I've bound some sockets to an address or connected some sockets to remote endpoints? Perhaps you can help straighten me out, e.g. by pointing me at the relevant code? Thanks very much, Michael -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists