From: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
To: James Morris <jmorris@namei.org>
Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
tgraf@suug.ch, Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: Refactor Netlink connector?
Date: Tue, 30 May 2006 22:03:00 +0400
Message-ID: <20060530180300.GA10293@2ka.mipt.ru>
In-Reply-To: <Pine.LNX.4.64.0605301015090.25929@d.namei>

On Tue, May 30, 2006 at 10:18:32AM -0400, James Morris (jmorris@namei.org) wrote:
> > And, btw, what is the purpose of controlling netlink messages?
> > Does it prevent a malicious userspace application from receiving events
> > from a malicious kernel module?
>
> It provides control over which types of applications can send and receive
> different types of Netlink messages. e.g. you can specify that Apache can
> read the routing table but not write to it.

Apache can still set up routes using ioctl or execve("ip route add/route add");

Anyway, you can easily add an LSM hook into both the sending and receiving
paths in the connector code; it fully controls the traffic before it reaches
the socket queue or the user's callback.

> - James
> --
> James Morris
> <jmorris@namei.org>
--
Evgeniy Polyakov