On Fri, 7 Mar 2008, Henning Brauer wrote:

>* Dave Anderson <[EMAIL PROTECTED]> [2008-03-07 17:34]:
>> On Fri, 7 Mar 2008, Konrad wrote:
>>
>> >>> Nice, you probably want to keep the application/kernel tag name spaces
>> >>> distinct though. Otherwise it would be easy for any local user/program
>> >>> to mess with pf.conf generated tags and bypass filtering etc. It could
>> >>> be as easy as adding a prefix ("APP_" ?) to all application generated
>> >>> tags.
>> >
>> >>actually you have a point here... sockets don't even require root.
>> >
>> >That is true, my point is that to change the tags in the kernel is not
>> >a nice way. A program which set the tag "VPN1" and will get
>> >"APP_VPN1" ?? This is not a good behavior, IMHO.
>>
>> Why not just require that any application-generated tag must start with
>> some fixed string ("APP_" or "@" or whatever)?
>
>not enough, you don't want an app started by joe random to assign the
>same packet as, say, ftp-proxy...

Interesting point.  Exactly what separation of namespaces does need to
be enforced?  Applications running with root privileges presumably
should be able to set any tag.  How many different namespaces are needed
for all the non-root processes, and how do they get assigned to the
appropriate namespace?  Do we need one per user plus one per group to
provide flexibility while preventing interference?  If so, using
prefixes like "@<user-number>U_"  and "@<group_number>G_" would be
simple for both the application designer and the person crafting the pf
rules to understand.  Or should this, at least for the moment, be
limited to root processes?

        Dave

-- 
Dave Anderson
<[EMAIL PROTECTED]>
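
One way the per-user/per-group prefix check raised above could look, as an added example that is not code from this thread or from pf. The names `tag_cred` and `tag_allowed` and the sample credentials are hypothetical; the rule assumed is that root may set any tag and everyone else only "@<uid>U_name" or "@<gid>G_name".

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical snapshot of the credentials of the process setting a tag. */
struct tag_cred { uid_t uid; const gid_t *groups; size_t ngroups; };

/* Constructed sample: uid 1000, member of groups 1000 and 20; plus root. */
static const gid_t sample_groups[] = { 1000, 20 };
static const struct tag_cred sample_user = { 1000, sample_groups, 2 };
static const struct tag_cred sample_root = { 0, NULL, 0 };

/* True if cred may attach tag under the assumed rule. */
bool tag_allowed(const struct tag_cred *cred, const char *tag)
{
    char *end;
    unsigned long id;

    if (cred->uid == 0)
        return true;                /* root may set any tag */
    if (tag[0] != '@' || !isdigit((unsigned char)tag[1]))
        return false;               /* unprefixed names stay with pf.conf/root */
    if (tag[1] == '0' && isdigit((unsigned char)tag[2]))
        return false;               /* no leading zeros: one spelling per id */
    errno = 0;
    id = strtoul(tag + 1, &end, 10);
    if (errno == ERANGE || id > 0xffffffffUL)
        return false;
    /* Parse the whole number before comparing, so uid 1000 cannot
     * claim "@10000U_..." by sharing a string prefix. */
    if ((end[0] != 'U' && end[0] != 'G') || end[1] != '_' || end[2] == '\0')
        return false;               /* need U_/G_ and a non-empty name */
    if (end[0] == 'U')
        return id == (unsigned long)cred->uid;
    for (size_t i = 0; i < cred->ngroups; i++)
        if (id == (unsigned long)cred->groups[i])
            return true;
    return false;
}

int main(void)
{
    const char *tags[] = { "VPN1", "@1000U_VPN1", "@10000U_VPN1", "@20G_ftp" };
    for (size_t i = 0; i < sizeof(tags) / sizeof(tags[0]); i++)
        printf("%-14s user=%d root=%d\n", tags[i],
               tag_allowed(&sample_user, tags[i]),
               tag_allowed(&sample_root, tags[i]));
    return 0;
}
```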
