On Sat, May 27, 2006 at 01:21:05PM -0400, James Morris ([EMAIL PROTECTED]) 
wrote:
> On Sat, 27 May 2006, James Morris wrote:
> 
> > One of the problems is that different Netlink protocols bury their 
> > commands at different levels, so the SELinux code has to know how deep 
> > to dig (and then do the digging) to determine exactly which command is 
> > being called.
> 
> Actually, a possible solution here is to completely remove all internal 
> knowledge of netlink messages from SELinux and have the netfilter 
> framework and protocols provide methods to determine message types and 
> permissions.
> 
> One of the issues still to resolve for SELinux and generic netlink is that 
> we don't know what the netlink protocol for the socket really is until 
> messages are sent over it, so some socket-level perms for NETLINK_GENERIC 
> will have to be handed out to all potential users (although actual 
> transfer of data can be mediated at a finer granularity).

Does SELinux have security handlers for each type of possible ioctl
in the world? Each ioctl number is like each netlink message type,
but instead there is only one check per ioctl syscall, like the LSM
hook for the socket's send/recv syscall.
It could be interesting and quite challenging to force all ioctl users
to have the same structure under each ioctl number so SELinux could
control, for example, disk geometry or time and date requests...
And, btw, what is the purpose of controlling netlink messages?
Does it prevent a malicious userspace application from receiving events
from a malicious kernel module?
 
> - James
> -- 
> James Morris
> <[EMAIL PROTECTED]>

-- 
        Evgeniy Polyakov
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
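To make concrete what the quoted text means by protocols burying their commands at different levels, here is an added illustration that is not SELinux code, not kernel code, and not part of this thread. It dispatches on the socket protocol to find "the command" of a netlink message: for NETLINK_ROUTE the command is nlmsg_type itself, while for NETLINK_GENERIC nlmsg_type only names the family and the command sits one header deeper in genlmsghdr.cmd. The struct layouts are local mirrors of the kernel's struct nlmsghdr and struct genlmsghdr so the program builds without kernel headers; NETLINK_ROUTE (0), NETLINK_GENERIC (16), RTM_NEWLINK (16) and NLMSG_MIN_TYPE (0x10) are the real kernel values, while the family id 0x17 and command 3 in the samples are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Local mirrors of the kernel's struct nlmsghdr and struct genlmsghdr
   (same layout as <linux/netlink.h> and <linux/genetlink.h>), so this
   builds anywhere without the kernel headers. */
struct nlmsghdr {
    uint32_t nlmsg_len;   /* total length including this header */
    uint16_t nlmsg_type;  /* rtnetlink: the command; genetlink: the family id */
    uint16_t nlmsg_flags;
    uint32_t nlmsg_seq;
    uint32_t nlmsg_pid;
};
struct genlmsghdr {
    uint8_t  cmd;         /* genetlink: the actual command lives here */
    uint8_t  version;
    uint16_t reserved;
};

#define NLMSG_ALIGNTO 4u
#define NLMSG_ALIGN(len) (((len) + NLMSG_ALIGNTO - 1) & ~(NLMSG_ALIGNTO - 1))
#define NLMSG_HDRLEN ((size_t)NLMSG_ALIGN(sizeof(struct nlmsghdr)))

/* Kernel protocol numbers (illustrative subset). */
#define NETLINK_ROUTE   0
#define NETLINK_GENERIC 16
/* nlmsg_type values below this are netlink control messages
   (NLMSG_NOOP, NLMSG_ERROR, NLMSG_DONE, NLMSG_OVERRUN), never commands. */
#define NLMSG_MIN_TYPE 0x10

enum { CMD_ERR_SHORT = -1, CMD_ERR_CONTROL = -2, CMD_ERR_UNKNOWN_PROTO = -3 };

/* Dig out the command of the first message in buf for the given protocol.
   Returns the command (>= 0) or a negative CMD_ERR_* value. */
int netlink_extract_cmd(int proto, const unsigned char *buf, size_t len)
{
    struct nlmsghdr nlh;
    if (len < sizeof nlh) return CMD_ERR_SHORT;
    memcpy(&nlh, buf, sizeof nlh);
    if (nlh.nlmsg_len < sizeof nlh || nlh.nlmsg_len > len) return CMD_ERR_SHORT;
    if (nlh.nlmsg_type < NLMSG_MIN_TYPE) return CMD_ERR_CONTROL;

    switch (proto) {
    case NETLINK_ROUTE:
        /* rtnetlink: nlmsg_type is the command (RTM_NEWLINK, RTM_DELROUTE, ...). */
        return nlh.nlmsg_type;
    case NETLINK_GENERIC: {
        /* genetlink: one header deeper. A message too short to carry a
           genlmsghdr has no command to check, so refuse it. */
        struct genlmsghdr gh;
        if (nlh.nlmsg_len < NLMSG_HDRLEN + sizeof gh) return CMD_ERR_SHORT;
        memcpy(&gh, buf + NLMSG_HDRLEN, sizeof gh);
        return gh.cmd;
    }
    default:
        return CMD_ERR_UNKNOWN_PROTO;
    }
}

/* Helper for the constructed samples: nlmsghdr followed by an opaque payload. */
size_t build_msg(unsigned char *out, uint16_t type, const void *payload, size_t plen)
{
    struct nlmsghdr nlh;
    memset(&nlh, 0, sizeof nlh);
    nlh.nlmsg_len = (uint32_t)(NLMSG_HDRLEN + plen);
    nlh.nlmsg_type = type;
    memset(out, 0, NLMSG_HDRLEN + plen);
    memcpy(out, &nlh, sizeof nlh);
    if (plen) memcpy(out + NLMSG_HDRLEN, payload, plen);
    return nlh.nlmsg_len;
}

/* Constructed sample: RTM_NEWLINK (16) over NETLINK_ROUTE. Expect 16. */
int sample_route_cmd(void)
{
    unsigned char buf[64];
    size_t n = build_msg(buf, 16 /* RTM_NEWLINK */, NULL, 0);
    return netlink_extract_cmd(NETLINK_ROUTE, buf, n);
}

/* Constructed sample: genetlink family id 0x17 carrying cmd 3. Expect 3. */
int sample_generic_cmd(void)
{
    unsigned char buf[64];
    struct genlmsghdr gh = { 3, 1, 0 };
    size_t n = build_msg(buf, 0x17, &gh, sizeof gh);
    return netlink_extract_cmd(NETLINK_GENERIC, buf, n);
}

/* Constructed sample: genetlink message with no genlmsghdr. Expect CMD_ERR_SHORT. */
int sample_truncated_generic(void)
{
    unsigned char buf[64];
    size_t n = build_msg(buf, 0x17, NULL, 0);
    return netlink_extract_cmd(NETLINK_GENERIC, buf, n);
}

int main(void)
{
    printf("route cmd=%d generic cmd=%d truncated=%d\n",
           sample_route_cmd(), sample_generic_cmd(), sample_truncated_generic());
    return 0;
}
```

The switch on proto is the per-protocol knowledge the quoted mail wants to move out of SELinux and into the protocol implementations; it also shows why NETLINK_GENERIC is awkward at socket-creation time, since the family id only appears in nlmsg_type once a message is actually sent.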