| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <2F57DE1C-8F5F-4AE3-B61D-B1405BD0B098@mac.com> Date: Tue, 4 Sep 2007 10:13:27 -0400 From: Kyle Moffett <mrmacman_g4@....com> To: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Cc: paul.moore@...com, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, chrisw@...s-sol.org Subject: Re: [TOMOYO 15/15] LSM expansion for TOMOYO Linux. On Sep 04, 2007, at 10:02:46, Tetsuo Handa wrote: > Hmm, I can't understand why I have to perform access control at > "enqueue" time. > > What I want to do is > allow process1 receive UDP packets from 10.0.0.1 port 1024 > allow process2 receive UDP packets from 10.0.0.2 port 2048 > when there is no guarantee that process1 and process2 are not > sharing a socket. > > If there is guarantee that process1 and process2 are not sharing a > socket, > I can do it using netfilter. Well, we used to be able to do that with netfilter but it had the same unfixable race conditions that you are presently running into and so such support was dropped by the netfilter folks. I suspect if you CC'ed netdev@...r.kernel.org you would get some very precise reasons why such filtering doesn't work. Cheers, Kyle Moffett - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists