On Tue, 30 May 2006, Evgeniy Polyakov wrote:

> On Tue, May 30, 2006 at 10:18:32AM -0400, James Morris ([EMAIL PROTECTED]) wrote:
> > > And, btw, what is the purpose of controlling netlink messages?
> > > Does it prevent a malicious userspace application from receiving events
> > > from a malicious kernel module?
> >
> > It provides control over which types of applications can send and receive
> > different types of Netlink messages. e.g. you can specify that Apache can
> > read the routing table but not write to it.
>
> Apache can still set up routes using ioctl or execve("ip route add/route
> add");

Depends on the policy. You can specify which types of files/sockets apache
can perform ioctl on, and whether it can execve 'ip', and if so, which
security context that runs in, and then whether that security context can
add routes.

Security in SELinux is not based on the name of the application, it's based
on the security label bound to the binary being executed.

> Anyway you can easily add an lsm hook into both sending/receiving paths in
> connector code, it fully controls the traffic before it reaches the socket
> queue or user's callback.

There are already LSM hooks which allow this, it's a matter of not wanting
to have to parse arbitrarily implemented Netlink protocols to determine
what the messages are.

- James
--
James Morris
<[EMAIL PROTECTED]>
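The three paths James lists (NETLINK_ROUTE messages, the SIOCADDRT-style ioctls, and execve of 'ip') each map to a different SELinux check, and a policy fragment makes that concrete. The module below is an added illustration written for this page; it is not from the thread, from the kernel, or from any shipped policy. It assumes reference-policy type names (httpd_t for Apache, ifconfig_t / ifconfig_exec_t for the route tools), and it uses the raw module language accepted by checkmodule rather than refpolicy macros. The security-relevant point is that the kernel's SELinux code already classifies NETLINK_ROUTE message types into nlmsg_read (e.g. RTM_GETROUTE) and nlmsg_write (e.g. RTM_NEWROUTE) without the policy having to parse the messages, so "read the routing table but not write to it" is a one-line difference.

```selinux
# Added example: read-only routing-table access for Apache, with route
# changes only reachable through a domain transition into ifconfig_t.
# Type names follow reference-policy conventions; this module itself is
# hypothetical and not part of any shipped policy.
module httpd_route_example 1.0;

require {
    type httpd_t;            # Apache's domain (label bound to httpd's binary)
    type ifconfig_t;         # domain that /sbin/ip and /sbin/ifconfig run in
    type ifconfig_exec_t;    # file label on those binaries
    class netlink_route_socket { create bind getattr read write nlmsg_read nlmsg_write };
    class file { getattr read execute entrypoint };
    class process transition;
    class capability net_admin;
}

# Path 1: NETLINK_ROUTE directly from httpd.
# nlmsg_read covers RTM_GET* (dump the table); nlmsg_write would be
# needed for RTM_NEWROUTE / RTM_DELROUTE and is deliberately not granted,
# so an "ip route add" equivalent issued from httpd_t is denied in
# selinux_netlink_send() before the message reaches the kernel handler.
allow httpd_t self:netlink_route_socket { create bind getattr read write nlmsg_read };

# Path 2: ioctl(SIOCADDRT / SIOCDELRT) on any socket.
# Those ioctls require CAP_NET_ADMIN; the absence of
#   allow httpd_t self:capability net_admin;
# is what closes this path, independent of any per-socket ioctl rule.

# Path 3: execve("/sbin/ip ...").
# httpd_t may run the binary, but only by transitioning into ifconfig_t;
# the route-change permissions then belong to ifconfig_t, not httpd_t.
# (Kernels that check the "open" permission on file also need it here.)
allow httpd_t ifconfig_exec_t:file { getattr read execute };
allow httpd_t ifconfig_t:process transition;
allow ifconfig_t ifconfig_exec_t:file entrypoint;
type_transition httpd_t ifconfig_exec_t:process ifconfig_t;

# Whether the tool domain may actually change routes is a separate
# decision; granting it here makes the execve path work, omitting these
# two lines makes it fail in ifconfig_t instead of in httpd_t.
allow ifconfig_t self:netlink_route_socket { create bind getattr read write nlmsg_read nlmsg_write };
allow ifconfig_t self:capability net_admin;
```

To try it: checkmodule -M -m -o httpd_route_example.mod httpd_route_example.te, then semodule_package and semodule -i; a denied RTM_NEWROUTE from httpd_t shows up in the audit log as an AVC denial on netlink_route_socket with permission nlmsg_write, which is the check James is describing.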