| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 5 Feb 2010 14:28:12 +0200 From: Octavian Purdila <opurdila@...acom.com> To: Cong Wang <amwang@...hat.com> Cc: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>, davem@...emloft.net, linux-kernel@...r.kernel.org, eric.dumazet@...il.com, linux-rdma@...r.kernel.org, netdev@...r.kernel.org, nhorman@...driver.com, linux-sctp@...r.kernel.org Subject: Re: [RFC Patch] net: reserve ports for applications using fixed port numbers On Friday 05 February 2010 08:01:43 you wrote: > >> If you can accept his version, I want to use his version (with an > >> interface for updating above "reserved_ports" by not only root user's > >> sysctl() but also MAC's policy configuration). > > > > I think that simply using an interface to update the reserved_ports from > > MAC policy configuration module wouldn't work, as root will be able to > > modify the policy via sysctl. > > > > I think that we might need to: > > > > a) have a reserved_port updater > > > > b) put a LSM hook into that > > > > c) use the reserved_port updater from sysctl > > Ideally, you'd provide an interface for port allocator to use, so > doing port reservation will be easier. > If I understand the TOMOYO requirements correctly, we need a way to restrict a user action based on some security policy (in this case the ability to clear reserved ports). Traditionally that has been done with LSM hooks, so I think that approach is preferable. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists