--- Tetsuo Handa <[EMAIL PROTECTED]> wrote:

> ...
>
> Currently, there is no way to directly map security context from incoming
> packet to user process. This is because the creator or owner of a socket is
> not always the receiver of an incoming packet. The userland process who
> receives the incoming packet is not known until a process calls
> sys_recvmsg().
> So, I want to add a LSM hook to give a security module a chance to control
> after the recipient of the incoming packet is known.

Do you have a real situation where two user processes with different
security contexts share a socket? How do you get into that situation,
and is it appropriate to have that situation in your security scheme?
Can this occur without using privilege?

Casey Schaufler
[EMAIL PROTECTED]