| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20090421.060404.146628527.davem@davemloft.net> Date: Tue, 21 Apr 2009 06:04:04 -0700 (PDT) From: David Miller <davem@...emloft.net> To: penguin-kernel@...ove.SAKURA.ne.jp Cc: paul.moore@...com, linux-security-module@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH] LSM: Add security_socket_post_accept() andsecurity_socket_post_recv_datagram(). From: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> Date: Tue, 21 Apr 2009 21:52:57 +0900 > David Miller wrote: >> Put this stuff in userspace, where you say it already is. The kernel >> isn't the place to dump every cool feature you want to bring in from >> userspace. > If I can do this stuff in userspace, I already put this stuff in userspace. > Access control in userspace is easily bypassed, no good for policy based > mandatory access control. The reason I propose these hooks in kernel is that > nobody can bypass these hooks. They you have to make your decisions when the packet arrives in order to not break application expected semantics. If poll() says to a listening socket that connections are available, we MUST return a connection from accept() unless there is a hard error. The current proposal is not acceptable. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists