| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20090421.035731.200252490.davem@davemloft.net> Date: Tue, 21 Apr 2009 03:57:31 -0700 (PDT) From: David Miller <davem@...emloft.net> To: penguin-kernel@...ove.SAKURA.ne.jp Cc: paul.moore@...com, linux-security-module@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] LSM: Add security_socket_post_accept() and security_socket_post_recv_datagram(). From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Date: Tue, 21 Apr 2009 19:54:06 +0900 > Paul Moore wrote: >> > The security_socket_post_accept() hook is used for not only >> > aborting TCP connections from unwanted peers but also associating client's >> > information with a process who handles that TCP connection. The task's state >> > variable definitely requires a LSM hook which is called after sock->ops-> >> > accept() call. >> >> I don't have a problem with using a socket_post_accept() hook to assign/modify >> state, however, I still not like the idea of using the socket_post_accept() >> hook to abort connections. > > What do you think that assigning/modifying state at socket_post_accept() could > fail? I have to agree with Paul. There is no sane way for the user to handle this connection being aborted, and there is no way to insert the connection back into the listening socket queue once we get to this point so we can't replay this situation either. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists