lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 30 Nov 2007 23:07:19 +0900
From:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
To:	sam@...ack.fr
Cc:	jmorris@...ei.org, herbert@...dor.apana.org.au,
	netdev@...r.kernel.org, davem@...emloft.net,
	linux-security-module@...r.kernel.org, kaber@...sh.net,
	netfilter-devel@...r.kernel.org, sds@...ho.nsa.gov
Subject: Re: [PATCH net-2.6.25] Add packet filtering based on process'ssecurity context.

Hello.

Thank you for feedback.

I have some questions.

(1) Your module uses "struct security_operations" and
    is registered with register_security().

    TOMOYO also uses "struct security_operations" and
    must be registered with register_security().

    Can your module and TOMOYO coexist?

(2) Can your module handle incoming UDP's datagram too?

(3) How do you handle race window between security_socket_accept()
    and sock->ops->accept()?

Samir Bellabes wrote:
> My approach is to get the informations regarding the socket from
> socket(), bind() and and accept() syscalls hooks.
> Pushing this informations to userspace. Here the user can refuse or
> accept the sycalls.

    If a socket is shared by multiple processes and
    the user said "Accept this connection" at security_socket_accept(),
    the process does not always pick up what the user wanted to pick up
    because there is no mutex between security_socket_accept() and
    sock->ops->accept().

(4) If (3) is my misunderstanding (i.e. the user doesn't judge at security_socket_accept()),
    it means that the user judges it before select() says "ready to accept".
    Then ... what happens if a socket is shared by multiple programs?
    The user has to judge without knowing which program will pick up this connection.
    TOMOYO lets the user judge whether to accept or not
    with knowing the program's name who picks up this connection.

I think getting information at socket(), bind() and accept() is helpful for detailed judgement,
but I think it doesn't solve race problem as long as the user judges *before* sock->ops->accept().

Regards.

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists