urity policy if compromised.
Regards,
Trent.
--
Trent Jaeger, Associate Professor
Pennsylvania State University, CSE Dept
346A IST Bldg, University Park, PA 16802
Email: [EMAIL PROTECTED]
Ph: (814) 865-1042, Fax: (814) 865-3176
Forgot signoff -- see below.
On Jan 6, 2006, at 10:48 AM, Trent Jaeger wrote:
Hi,
This patch contains two corrections to the LSM-IPsec Nethooks patches
previously applied.
(1) free a security context on a failed insert via xfrm_user
interface in xfrm_add_policy. Memory leak.
(2) change the
Hi,
This patch contains two corrections to the LSM-IPsec Nethooks patches
previously applied.
(1) free a security context on a failed insert via xfrm_user
interface in xfrm_add_policy. Memory leak.
(2) change the authorization of the allocation of a security context
in a xfrm_policy or xfrm_
selinuxfs.c. Do we have
a problem making this non-static? If so, I will do that.
Signed-off-by: Trent Jaeger <[EMAIL PROTECTED]>
---
include/linux/security.h | 40 +--
net/key/af_key.c | 5 +
net/xfrm/xfrm_
ither did or did not use
security associations) were authorized using an unlabelled context.
Signed-off-by: Trent Jaeger <[EMAIL PROTECTED]>
---
security/selinux/Makefile | 2
security/selinux/hooks.c | 39 +++
security/selinux/include/
Thanks for all your help, Herbert.
Regards,
Trent.
On Nov 17, 2005, at 8:28 PM, Herbert Xu wrote:
On Thu, Nov 17, 2005 at 06:42:29PM -0500, Trent Jaeger wrote:
Patch with sock callback lock made unconditional. Previous send
(earlier today, 11/17) was not the latest patch -- please
On Nov 17, 2005, at 8:42 PM, Chris Wright wrote:
* Trent Jaeger ([EMAIL PROTECTED]) wrote:
Patch with sock callback lock made unconditional. Previous send
(earlier today, 11/17) was not the latest patch -- please disregard
that patch.
Little heavy on KERN_DEBUG printk's. Could you
y associations) were authorized using an unlabelled context.
Signed-off-by: Trent Jaeger <[EMAIL PROTECTED]>
---
security/selinux/Makefile | 2
security/selinux/hooks.c | 39 ++
security/selinux/include/av_perm_to_string.h |2
authorized using an unlabelled context.
Signed-off-by: Trent Jaeger <[EMAIL PROTECTED]>
---
security/selinux/Makefile | 2
security/selinux/hooks.c | 43 +++
security/selinux/include/av_perm_to_string.h |2
security/selinux/include/av_permissi
ecurity
contexts and added SELinux access control policy entries to verify the
authorization decision. We also made sure that packets for which no
security context was supplied (which either did or did not use
security associations) were authorized using an unlabelled context.
Signed-off-by: Trent Jaeg
kernel
behavior.
Signed-off-by: Trent Jaeger <[EMAIL PROTECTED]>
---
include/linux/pfkeyv2.h | 13 ++-
include/linux/security.h | 132 +++
include/linux/xfrm.h | 29 ++
include/net/flow.h | 7 -
include/net/xfrm.h | 27 +-
ne
NK_KOBJECT_UEVENT_SOCKET__IOCTL 0x0001UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x0002UL
diff -puN /dev/null security/selinux/include/xfrm.h
--- /dev/null 2005-11-07 07:40:41.608401500 -0500
+++ linux-2.6.14-root/security/selinux/include/xfrm.h 2005-11-07
10:50:00.000
Hi,
Format modifications for Linux patch style.
Regards,
Trent.
--
This patch series implements per packet access control via the
extension of the Linux Security Modules (LSM) interface by hooks in
the XFRM and pfkey subsystems that leverage IPSec security
associa
Thanks for the comments.
I'll be mostly on vacation (moving) this week, so I will be getting back
to you after Aug 22.
Regards,
Trent.
Trent Jaeger
IBM T.J. Watson Research Center
19 Skyline Drive, Hawthorne, NY 10532
(914) 784
I see.
Yes, I need to do pfkey_sadb2xfrm_user_ctx there as well.
Regards,
Trent.
Herbert Xu <[EMAIL PROTEC
cks the latter. I think that the
conversion of the context string to a 'normalized' context struct must be
done by the LSM before we can do this check as done above.
I could hide this computation a bit better (it is also done for xfrm_user)
to clean up the code.
Regards,
Trent.
For example, we may want to prevent leakage of data from a
window in X to a remote client by setting the security context for a
socket which limits the receivers of such data.
Regards,
Trent.
PS -- This is all the questions/comments.
Tr
conditional on
CONFIG_SECURITY_NETWORK?
This is specific to CONFIG_SECURITY_NETWORK_XFRM as contexts will only be
used in that case. I will make it conditional on that instead, if that's
OK.
Regards,
Trent.
OK. Thanks for the comments. I'll get back soon.
Regards,
Trent.
Herbert Xu <[EMAIL PROTECTED]>
08/06
nlabelled context when the policy is null, but otherwise,
this captures the intended modification.
Regards,
Trent.
Another option is to pass in an 'authorizer' much like the 'resolver' is
provided by the caller.
Regards,
Trent.
.
Herbert Xu <[EMAIL PROTECTED]>
07/07/2005 06:00 AM
To: Trent Jaeger/Watson/[EMAIL PROTECTED]
cc:
xt is not known until
authorization time. If we cache the sid on the flowi, then we can have a
cache entry per security association and authorize the socket to this
flowi's sid.
Can we add the sid to the flowi?
Regards,
Trent.