Message-Id: <20090421.212259.213941533.davem@davemloft.net>
Date: Tue, 21 Apr 2009 21:22:59 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: penguin-kernel@...ove.sakura.ne.jp
Cc: paul.moore@...com, linux-security-module@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH] LSM: Add security_socket_post_accept() and
security_socket_post_recv_datagram().
From: Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>
Date: Wed, 22 Apr 2009 10:49:42 +0900
> David Miller wrote:
>> We had a similar situation with read()'s on UDP sockets.
>>
>> When poll() says something, it has to stick.
> To adhere to what poll() said (i.e. "connections are ready" or "datagrams are
> ready"), security_socket_accept() and security_socket_recvmsg() hooks must be
> removed. Otherwise, LSM users cannot adhere to what poll() said.
>
> However, security_socket_accept() and security_socket_recvmsg() hooks remain
> there. LSM users are already using semantics which may not adhere to what poll()
> said.

So what does your TOMOYO stuff do if the mapping changes again and
that incoming connection that became unacceptable is now acceptable?

We've lost the connection, and can never get it back.

These semantics don't make any sense at all, and the point at which
you make your choices here is totally arbitrary.

Read that carefully: the point at which you are making this
drop decision is arbitrary.