From: ebiederm@xmission.com (Eric W. Biederman)
To: Michael Stone <michael@laptop.org>
Cc: "Mark Seaborn" <mrs@mythic-beasts.com>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
linux-security-module@vger.kernel.org,
"Andi Kleen" <andi@firstfloor.org>, "David Lang" <david@lang.hm>,
"Oliver Hartkopp" <socketcan@hartkopp.net>,
"Alan Cox" <alan@lxorguk.ukuu.org.uk>,
"Herbert Xu" <herbert@gondor.apana.org.au>,
"Valdis Kletnieks" <Valdis.Kletnieks@vt.edu>,
"Bryan Donlan" <bdonlan@gmail.com>,
"Evgeniy Polyakov" <zbr@ioremap.net>,
"C. Scott Ananian" <cscott@cscott.net>,
"James Morris" <jmorris@namei.org>,
"Bernie Innocenti" <bernie@codewiz.org>,
"Randy Dunlap" <randy.dunlap@oracle.com>,
"Américo Wang" <xiyou.wangcong@gmail.com>
Subject: Re: [PATCH 2/3] Security: Implement prctl(PR_SET_NETWORK, PR_NETWORK_OFF) semantics. (v2)
Date: Thu, 17 Dec 2009 19:57:09 -0800 [thread overview]
Message-ID: <m16385vsru.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <20091218033128.GB23514@heat> (Michael Stone's message of "Thu\, 17 Dec 2009 22\:31\:28 -0500")
Michael Stone <michael@laptop.org> writes:
> Return -EPERM any time we try to __sock_create(), sys_connect(), sys_bind(),
> sys_sendmsg(), or __ptrace_may_access() from a process with PR_NETWORK_OFF set
> in current->network unless we're working on a socket which is already connected
> or on a non-abstract AF_UNIX socket.
It appears to me that the current security hooks are sufficient for what
you are doing.
The one true security module business prevents you from actually using the
security hooks, but could you create wrappers for the network security
hooks so the logic of the network stack does not need to change.
At the very least the huge separation of the test for AF_UNIX and
the test to see if it is a an anonymous AF_UNIX socket is pretty
large. Structuring the code in such a way as to keep that together would
be nice.
Eric
next prev parent reply other threads:[~2009-12-18 3:57 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1260977452-2334-1-git-send-email-michael@laptop.org>
2009-12-16 15:32 ` [PATCH] Security: Add prctl(PR_{GET,SET}_NETWORK) interface Michael Stone
2009-12-16 15:59 ` Andi Kleen
2009-12-17 1:25 ` Michael Stone
2009-12-17 8:52 ` Andi Kleen
[not found] ` <fb69ef3c0912170906t291a37c4r6c4758ddc7dd300b@mail.gmail.com>
2009-12-17 17:14 ` Andi Kleen
2009-12-17 22:58 ` Mark Seaborn
2009-12-18 3:00 ` Michael Stone
2009-12-18 3:29 ` [PATCH 1/3] Security: Add prctl(PR_{GET,SET}_NETWORK) interface. (v2) Michael Stone
2009-12-18 4:43 ` Valdis.Kletnieks
2009-12-18 15:46 ` Alan Cox
2009-12-18 16:33 ` [PATCH 1/3] Security: Add prctl(PR_{GET,SET}_NETWORK) Michael Stone
2009-12-18 17:20 ` Alan Cox
2009-12-18 17:47 ` Eric W. Biederman
2009-12-24 6:13 ` Michael Stone
2009-12-24 12:37 ` Eric W. Biederman
2009-12-24 1:42 ` [PATCH 0/3] Discarding networking privilege via LSM Michael Stone
2009-12-24 1:44 ` [PATCH 1/3] Security: Add prctl(PR_{GET,SET}_NETWORK) interface. (v3) Michael Stone
2009-12-24 4:38 ` Samir Bellabes
2009-12-24 5:44 ` Michael Stone
2009-12-24 5:51 ` Tetsuo Handa
2009-12-24 1:45 ` [PATCH 2/3] Security: Implement prctl(PR_SET_NETWORK, PR_NETWORK_OFF) semantics. (v3) Michael Stone
2009-12-24 1:45 ` [PATCH 3/3] Security: Document prctl(PR_{GET,SET}_NETWORK). (v3) Michael Stone
2009-12-25 17:09 ` [PATCH 1/3] Security: Add prctl(PR_{GET,SET}_NETWORK) Pavel Machek
2009-12-18 3:31 ` [PATCH 2/3] Security: Implement prctl(PR_SET_NETWORK, PR_NETWORK_OFF) semantics. (v2) Michael Stone
2009-12-18 3:57 ` Eric W. Biederman [this message]
2009-12-18 3:32 ` [PATCH 3/3] Security: Document prctl(PR_{GET,SET}_NETWORK). (v2) Michael Stone
2009-12-18 17:49 ` [PATCH] Security: Add prctl(PR_{GET,SET}_NETWORK) interface Stephen Hemminger
2009-12-20 17:53 ` Mark Seaborn
2009-12-17 9:25 ` Américo Wang
2009-12-17 16:28 ` Michael Stone
2009-12-17 17:23 ` Randy Dunlap
2009-12-17 17:25 ` Randy Dunlap
2009-12-16 15:32 ` [PATCH] Security: Implement prctl(PR_SET_NETWORK, PR_NETWORK_OFF) semantics Michael Stone
2009-12-17 19:18 ` Eric W. Biederman
2009-12-16 15:32 ` [PATCH] Security: Document prctl(PR_{GET,SET}_NETWORK) Michael Stone
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m16385vsru.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=Valdis.Kletnieks@vt.edu \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=andi@firstfloor.org \
--cc=bdonlan@gmail.com \
--cc=bernie@codewiz.org \
--cc=cscott@cscott.net \
--cc=david@lang.hm \
--cc=herbert@gondor.apana.org.au \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=michael@laptop.org \
--cc=mrs@mythic-beasts.com \
--cc=netdev@vger.kernel.org \
--cc=randy.dunlap@oracle.com \
--cc=socketcan@hartkopp.net \
--cc=xiyou.wangcong@gmail.com \
--cc=zbr@ioremap.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).