| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Apr 2009 04:40:53 -0700 (PDT) From: David Miller <davem@...emloft.net> To: penguin-kernel@...ove.SAKURA.ne.jp Cc: paul.moore@...com, linux-security-module@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] LSM: Add security_socket_post_accept() and security_socket_post_recv_datagram(). From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Date: Tue, 21 Apr 2009 20:39:08 +0900 > David Miller wrote: >> There is no sane way for the user to handle this connection >> being aborted, and there is no way to insert the connection >> back into the listening socket queue once we get to this >> point so we can't replay this situation either. >> > Excuse me, I couldn't catch. > > I don't have a problem that there is no way to insert the connection back into > the listening socket queue once we get to this point. I want to drop the > connection rather than pushing the connection back to the queue. I am saying that you shouldn't be dropping connections like this. You've already accepted the packet, you cannot reneg on this. You must either allow the socket to have the connection with current labels or give it a label appropriate for the socket. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists