Re: A new model for ports and kernel security?

From: James Morris
Date: Wed Oct 01 2003 - 14:30:21 EST


On Wed, 1 Oct 2003, John Lange wrote:

> Suggestion: A groups based port binding security system for both
> outgoing and incoming port binding.

Something like this for port binding exists as an external patch:
http://www.olafdietsche.de/linux/accessfs/

> I realize similar things can be accomplished in other ways (with
> iptables I believe) but it just seems to me that this should be a
> fundamental part of the system's security and therefore should be in the
> kernel by default (just as the root binding to low ports is currently).

We should keep the standard behavior as default in the core kernel. Other
security models can be implemented via LSM, Netfilter, config options etc.


- James
--
James Morris
<jmorris@xxxxxxxxxx>


