lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <77226ae9dc60113d1953c1f957849d6460c5096f.camel@btinternet.com>
Date:   Tue, 13 Oct 2020 17:38:16 +0100
From:   Richard Haines <richard_c_haines@...nternet.com>
To:     Paul Moore <paul@...l-moore.com>,
        Harald Welte <laforge@...monks.org>
Cc:     pablo@...filter.org, selinux@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        osmocom-net-gprs@...ts.osmocom.org, netdev@...r.kernel.org,
        Stephen Smalley <stephen.smalley.work@...il.com>,
        James Morris <jmorris@...ei.org>
Subject: Re: [PATCH 3/3] selinux: Add SELinux GTP support

On Tue, 2020-10-13 at 09:55 -0400, Paul Moore wrote:
> On Mon, Oct 12, 2020 at 5:40 AM Harald Welte <laforge@...monks.org>
> wrote:
> > Hi Paul,
> > 
> > On Sun, Oct 11, 2020 at 10:09:11PM -0400, Paul Moore wrote:
> > > Harald, Pablo - I know you both suggested taking a slow iterative
> > > approach to merging functionality, perhaps you could also help
> > > those
> > > of us on the SELinux side better understand some of the common
> > > GTP use
> > > cases?
> > 
> > There really only is one use case for this code:  The GGSN or P-GW
> > function
> > in the 3GPP network architecture ...
> > 
> > Hope this helps,
> >         Harald
> 
> It does, thank you.
> 
> It looks like this patchset is not really a candidate for merging in
> its current form, but I didn't want to lose this information (both
> the
> patches and Harald's comments) so I created a GH issue to track this
> at the URL below.
> 
> * https://github.com/SELinuxProject/selinux-kernel/issues/54
> 

While I was not expecting these patches to be excepted for the current
version, the main aim was to see what LSM security services could be
implemented on possible 5G components, bearing in mind the DARPA Open
Programmable Secure 5G (OPS-5G) initiative (probably 'jumping the gun'
here a bit though). 

There is in development a 5G version of GTP at [1]. I have added the
enhanced hooks to this (plus retrieve contexts via call-backs etc.),
and have it running on 5.9, passing their tests. I'm not sure how far
this development will go, but a starter ??.

The other component that seems to be widely used in these systems is
SCTP that I added hooks to a few years ago, also TCP/UDP etc. that are
already well catered for. Also there would be a large amount of
userspace code ....

Anyway food for thought.

[1] https://github.com/PrinzOwO/gtp5g

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ