On Tue, 2006-05-09 at 12:40 -0400, James Morris wrote:
> On Tue, 9 May 2006, Karl MacMillan wrote:
>
> > those connection, but my concern is that connection could, through error
> > or exploit, be passed to another domain that should not receive packets
> > from that type of connection (see below).
>
> Connection passing or inheritance should be subject to kernel MAC controls
> anyway (also see below).
>
> > The use of a single related packet type loses the strong binding between
> > the connection type (determined on connection) and domains, most likely
> > because an established connection is passed to another process.
> >
> > For example, for xinetd to work all of the xinetd children would be
> > allowed to receive all related packets (i.e., tracked_packet_t). This
> > means that if xinetd incorrectly passed, say, an ftp connection to
> > telnet it would still be allowed to receive those packets because they
> > would be of type tracked_packet_t. Labeling using something like
> > connmark seems to solve this problem.
>
> My understanding of xinetd is that it execs server applications, which
> inherit the connection fd. In this case, flush_unauthorized_files() will
> ensure that the new domain is authorized to access the fd.
>
> Stephen, can you confirm this?
That doesn't help, as that is just a check based on the socket label, which
will always be based on xinetd's label and won't reflect anything about the
individual connection.

-- 
Stephen Smalley
National Security Agency
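As an added example (not code from this thread, the kernel, SELinux or xinetd), a small Python model of the two labeling schemes under discussion: it shows why a check on the inherited fd's socket label passes in either scheme, and why only a per-connection label, set once at accept time connmark-style, rejects packets of a misrouted connection. All domain and type names other than tracked_packet_t, and the policy tables, are assumed for illustration.

```python
"""Toy model of single-type vs per-connection packet labeling (constructed
example; not kernel, SELinux or xinetd code; names and policy are assumed)."""
from dataclasses import dataclass
from typing import Optional, Tuple

SINGLE_TYPE = "tracked_packet_t"                              # one type for all tracked packets
PER_CONN_TYPE = {21: "ftp_packet_t", 23: "telnet_packet_t"}   # connmark-style, chosen at accept

# Assumed policy: which domain may receive which packet type.
SINGLE_POLICY = {"ftpd_t": {SINGLE_TYPE}, "telnetd_t": {SINGLE_TYPE}}
PER_CONN_POLICY = {"ftpd_t": {"ftp_packet_t"}, "telnetd_t": {"telnet_packet_t"}}
# Both child domains may use sockets labelled with xinetd's label (they inherit them).
SOCKET_POLICY = {"ftpd_t": {"xinetd_t"}, "telnetd_t": {"xinetd_t"}}


@dataclass
class Conn:
    dport: int
    sock_label: str = "xinetd_t"     # socket label stays xinetd's after the fd is inherited
    mark: Optional[str] = None       # conntrack mark restored onto every packet of the flow


def accept(dport: int, per_connection: bool) -> Conn:
    """xinetd accepts; the connection is classified exactly once, by port."""
    c = Conn(dport)
    c.mark = PER_CONN_TYPE[dport] if per_connection else SINGLE_TYPE
    return c


def fd_check(domain: str, conn: Conn) -> bool:
    """flush_unauthorized_files()-style check: it only sees the socket label."""
    return conn.sock_label in SOCKET_POLICY.get(domain, set())


def recv_check(domain: str, conn: Conn, per_connection: bool) -> bool:
    """Per-packet check against the label the packet carries."""
    policy = PER_CONN_POLICY if per_connection else SINGLE_POLICY
    return conn.mark in policy.get(domain, set())


def hand_off(dport: int, target_domain: str, per_connection: bool) -> Tuple[bool, bool]:
    """Simulate xinetd passing the accepted connection to target_domain.
    Returns (fd check passed, packet receive allowed)."""
    conn = accept(dport, per_connection)
    return fd_check(target_domain, conn), recv_check(target_domain, conn, per_connection)


if __name__ == "__main__":
    for scheme in (False, True):
        name = "per-connection" if scheme else "single type"
        print(name, "| ftp -> ftpd_t:", hand_off(21, "ftpd_t", scheme),
              "| misrouted ftp -> telnetd_t:", hand_off(21, "telnetd_t", scheme))
```

With the single type the misrouted ftp connection is indistinguishable from a correct one; with the per-connection mark the fd check still passes (socket label is xinetd's) but the packet receive is denied.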