Re: Linux Security *Module* Framework (Was: LSM conversion to static interface) | KernelTrap

Re: Linux Security Module Framework (Was: LSM conversion to static interface)

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Simon Arlott <simon@...>

To: Jan Engelhardt <jengelh@...>

Cc: Adrian Bunk <bunk@...>, Chris Wright <chrisw@...>, <linux-kernel@...>, <linux-security-module@...>, Linus Torvalds <torvalds@...>, Andreas Gruenbacher <agruen@...>, Thomas Fricaccia <thomas_fricacci@...>, Jeremy Fitzhardinge <jeremy@...>, James Morris <jmorris@...>, Crispin Cowan <crispin@...>, Giacomo Catenazzi <cate@...>, Alan Cox <alan@...>

Subject: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)

Date: Wednesday, October 24, 2007 - 2:59 pm

On 24/10/07 19:51, Jan Engelhardt wrote:
quoted text> On Oct 24 2007 19:11, Simon Arlott wrote:
>>
>>* (I've got a list of access rules which are scanned in order until one of 
>>them matches, and an array of one bit for every port for per-port default 
>>allow/deny - although the latter could be removed.
>>http://svn.lp0.eu/simon/portac/trunk/)
> 
> Besides the 'feature' of inhibiting port binding,
> is not this task of blocking connections something for a firewall?

The firewall blocks incoming connections where appropriate, yes, but it 
doesn't stop one user binding to a port that another user expected to be able 
to use. "Ownership" of ports (1-1023) shouldn't be something only root (via 
CAP_NET_BIND_SERVICE) has. Lots of services also don't have standard ports 
below 1024 and it's useful to be able to prevent users from binding to them 
too.

-- 
Simon Arlott
-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: LSM conversion to static interface, Linus Torvalds, (Wed Oct 17, 10:18 pm)

Re: Re: LSM conversion to static interface, Crispin Cowan, (Sun Oct 21, 9:12 pm)

Re: LSM conversion to static interface, Andreas Gruenbacher, (Fri Oct 19, 4:26 pm)

Re: LSM conversion to static interface, James Morris, (Fri Oct 19, 5:07 pm)

Re: LSM conversion to static interface, Linus Torvalds, (Fri Oct 19, 4:40 pm)

Re: LSM conversion to static interface, Jan Engelhardt, (Sat Oct 20, 7:05 am)

Re: LSM conversion to static interface, James Morris, (Sat Oct 20, 6:57 pm)

Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:13 am)

Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:09 am)

Re: LSM conversion to static interface [revert patch], James Morris, (Tue Oct 23, 12:56 am)

Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Tue Oct 23, 12:57 am)

Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 1:16 am)

Re: LSM conversion to static interface [revert patch], Jeremy Fitzhardinge, (Tue Oct 23, 8:31 pm)

Re: LSM conversion to static interface [revert patch], Arjan van de Ven, (Wed Oct 24, 1:06 am)

Linux Security *Module* Framework (Was: LSM conversion to st..., Simon Arlott, (Wed Oct 24, 7:50 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Tetsuo Handa, (Sat Oct 27, 10:08 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Mon Nov 5, 2:42 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Adrian Bunk, (Wed Oct 24, 8:55 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Wed Oct 24, 2:11 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Adrian Bunk, (Wed Oct 24, 6:31 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Tilman Schmidt, (Thu Oct 25, 7:09 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Greg KH, (Thu Oct 25, 10:56 pm)

Out-of-tree modules [was: Linux Security *Module* Framework], Jan Engelhardt, (Mon Oct 29, 7:51 pm)

Re: Out-of-tree modules [was: Linux Security *Module* Framew..., Lee Revell, (Mon Oct 29, 8:46 pm)

Re: Out-of-tree modules [was: Linux Security *Module* Framew..., Jan Engelhardt, (Mon Oct 29, 9:19 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Tilman Schmidt, (Fri Oct 26, 5:46 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Adrian Bunk, (Fri Oct 26, 7:26 pm)

eradicating out of tree modules (was: : Linux Security *Modu..., Tilman Schmidt, (Sat Oct 27, 10:47 am)

Re: eradicating out of tree modules (was: : Linux Security *..., Adrian Bunk, (Sat Oct 27, 8:55 pm)

Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 2:51 pm)

Re: eradicating out of tree modules, Adrian Bunk, (Sun Oct 28, 3:25 pm)

Re: eradicating out of tree modules, Tilman Schmidt, (Mon Oct 29, 8:29 pm)

Re: eradicating out of tree modules, linux-os (Dick Johnson), (Tue Oct 30, 9:11 am)

Re: eradicating out of tree modules, Greg KH, (Tue Oct 30, 11:30 am)

Re: eradicating out of tree modules, Xavier Bestel, (Tue Oct 30, 9:19 am)

Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 5:25 am)

Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 8:01 am)

Re: eradicating out of tree modules, Stefan Richter, (Sun Oct 28, 10:37 am)

Re: eradicating out of tree modules, Tilman Schmidt, (Sun Oct 28, 12:55 pm)

Re: eradicating out of tree modules, Simon Arlott, (Sun Oct 28, 10:59 am)

Re: eradicating out of tree modules, Stefan Richter, (Sat Oct 27, 1:31 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Greg KH, (Fri Oct 26, 11:58 am)

eradicating out of tree modules (was: Linux Security *Module..., Tilman Schmidt, (Sat Oct 27, 10:07 am)

Re: eradicating out of tree modules (was: Linux Security *Mo..., Adrian Bunk, (Sat Oct 27, 9:21 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Fri Oct 26, 12:32 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Fri Oct 26, 3:09 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Greg KH, (Fri Oct 26, 11:54 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Thu Oct 25, 7:44 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 6:58 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Chris Wright, (Wed Oct 24, 8:23 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 9:42 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:23 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Tue Oct 30, 4:40 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Tue Oct 30, 5:21 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Tue Oct 30, 4:50 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Tue Oct 30, 5:27 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Pavel Machek, (Sat Oct 27, 2:22 pm)

Re: Linux Security *Module* Framework, Tilman Schmidt, (Sun Oct 28, 3:42 pm)

Re: Linux Security *Module* Framework, Jan Engelhardt, (Sun Oct 28, 4:46 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Ray Lee, (Wed Oct 24, 8:35 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Thu Oct 25, 5:19 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Ray Lee, (Thu Oct 25, 12:04 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Bernd Petrovitsch, (Tue Oct 30, 5:41 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Thu Oct 25, 1:10 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Alan Cox, (Wed Oct 24, 9:41 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Sun Oct 28, 6:08 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Mon Oct 29, 1:12 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Sun Oct 28, 7:55 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Alan Cox, (Sun Oct 28, 6:50 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Mon Nov 26, 4:42 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Ray Lee, (Thu Oct 25, 2:17 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Pavel Machek, (Sat Oct 27, 2:29 pm)

RE: Linux Security *Module* Framework (Was: LSM conversion t..., Hua Zhong, (Sun Oct 28, 3:05 pm)

RE: Linux Security *Module* Framework (Was: LSM conversion t..., Hua Zhong, (Sun Oct 28, 2:48 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Alan Cox, (Thu Oct 25, 6:21 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Thu Oct 25, 11:45 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Fri Oct 26, 1:44 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Wed Oct 24, 10:11 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Peter Dolding, (Wed Oct 24, 9:26 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Adrian Bunk, (Wed Oct 24, 7:32 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Linus Torvalds, (Wed Oct 24, 7:42 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Chris Wright, (Wed Oct 24, 8:41 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Toshiharu Harada, (Mon Oct 29, 11:37 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Arjan van de Ven, (Wed Oct 24, 10:19 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 9:03 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 2:51 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Crispin Cowan, (Wed Oct 24, 4:18 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 4:46 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 5:29 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Wed Oct 24, 2:59 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 3:04 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., David P. Quigley, (Wed Oct 24, 5:02 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Simon Arlott, (Thu Oct 25, 7:38 am)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Casey Schaufler, (Wed Oct 24, 5:58 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., David P. Quigley, (Wed Oct 24, 6:04 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 5:42 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Serge E. Hallyn, (Wed Oct 24, 5:37 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Kyle Moffett, (Wed Oct 24, 11:50 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., , (Wed Oct 24, 9:50 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 5:51 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., David P. Quigley, (Wed Oct 24, 6:02 pm)

Re: Linux Security *Module* Framework (Was: LSM conversion t..., Jan Engelhardt, (Wed Oct 24, 7:13 pm)

Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 8:32 pm)

Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:10 am)

Re: LSM conversion to static interface [revert patch], Chris Wright, (Tue Oct 23, 5:13 am)

Re: LSM conversion to static interface [revert patch], Jan Engelhardt, (Tue Oct 23, 5:14 am)

Re: LSM conversion to static interface, Adrian Bunk, (Sun Oct 21, 6:59 pm)

Re: LSM conversion to static interface, Giacomo Catenazzi, (Tue Oct 23, 1:44 am)

Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 4:55 am)

Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:20 am)

Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 11:28 am)

Re: LSM conversion to static interface, Serge E. Hallyn, (Tue Oct 23, 11:34 am)

Re: LSM conversion to static interface, , (Thu Oct 25, 6:23 am)

Re: LSM conversion to static interface, Giacomo A. Catenazzi, (Tue Oct 23, 5:14 am)

Re: LSM conversion to static interface, Jan Engelhardt, (Tue Oct 23, 5:18 am)

Navigation

Popular discussions


linux-kernel:
Ingo Molnar	Re: containers (was Re: -mm merge plans for 2.6.23)
Greg Kroah-Hartman	[PATCH 009/196] Chinese: add translation of sparse.txt
holzheu	Re: [RFC/PATCH] Documentation of kernel messages
Vladislav Bolkhovitin	Re: Integration of SCST in the mainstream Linux kernel
git:

linux-netdev:
Jarek Poplawski	[PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Gerrit Renker	[PATCH 27/37] dccp: Integration of dynamic feature activation - part 2 (server side)
David Miller	[GIT]: Networking
Antonio Almeida	HTB accuracy for high speed
openbsd-misc:

Colocation donated by:

Who's online

There are currently 1 user and 654 guests online.

Online users

strcmp

Syndicate