On 12/21/2014 05:28 PM, Björn Persson wrote:
Alternatively, cut out the packet filter and have GlibC ask the user whether the call to bind or connect shall be allowed to succeed (or automatically allow or deny the call if so configured). This has the advantage that the program is informed that it's not allowed to communicate.
glibc is the wrong place for this, and a patch in this direction has absolutely zero chance of being accepted upstream. We also ship applications which call system calls directly, not through glibc, so patching glibc would not even work at a technical level.
However, a Linux Security Module such as SELinux could audit socket creation, and provide the user with means to override the default choices. However, this will be extremely controversial (even more so than the open firewall) because it will remind people of “personal firewalls” on Windows.
-- Florian Weimer / Red Hat Product Security -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
