Hi,
I had an idea to potentially improve security, and I think it
might be best implemented as a kernel module.
Since buffer problems are a common network (and other) security
risk, why not create a Buffer Manager (similar to PAM, in the
authentication domain), to handle all buffer requests with the
outside world?
If the manager existed after the tcp/ip stack, and before any processes
needing buffer input, then it could store the whole data as returned
by the tcp/ip stack.
When a process requests a buffer, it asks by (net) address, and includes
a buffer length. The buffer manager returns the appropriate amount of
data to the process, and then clears the address. The buffer manager
could also be set to log buffer overruns.
Have a good day/evening,
R. Ashby
ironicface -at- earthlink -dot- net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Sep 15 2002 - 22:00:16 EST