From: Stephan Peijnik <stephan@peijnik.at>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: linux-security-module <linux-security-module@vger.kernel.org>,
netdev@vger.kernel.org,
Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>,
sam@synack.fr
Subject: Re: RFC: Mandatory Access Control for sockets aka "personal firewalls"
Date: Tue, 20 Jan 2009 19:56:20 +0100 [thread overview]
Message-ID: <1232477780.24943.116.camel@sp-laptop3.sp-local> (raw)
In-Reply-To: <alpine.LSU.2.00.0901201916340.516@fbirervta.pbzchgretzou.qr>
On Tue, 2009-01-20 at 19:24 +0100, Jan Engelhardt wrote:
> On Tuesday 2009-01-20 18:48, Stephan Peijnik wrote:
> >
> >A personal firewall should implement per-application mandatory access
> >control for sockets. In short this means that such a program decides
> >every time a call to either socket(), accept(), bind(), connect() or
> >listen()[...]
>
> Without reading any further (yet), that sounds like
> http://www.synack.fr/project/cn_net/cn_net.html
Yes, it does, and it's exactly that. However, as a LSM it can only be
used whilst no other LSM is enabled.
Samir Bellabes has been involved in the discussion at
linux-security-module too.
Even though I like the implementation personally I'm unsure about
whether this should be dubbed "the one" way to do this or whether there
should be an API for alternative implementations.
> >And yet another approach was suggested: hooking socket-related calls
> >directly in net/socket.c. This would mean that the personal firewall
> >code is called directly from net/socket.c and can this way work in
> >process-context, without using the LSM framework.
> >On the other hand this would add, besides the LSM calls that are in
> >place in net/socket.c a few extra calls which might not be what we want.[...]
>
> My opinion up to here would be to split LSM into the LSM category
> {selinux, apparmor, tomoyo} and the other, new LSM category
> {networking stuff}, just as a potential idea to get over the
> stacking / single LSM use issue.
The problem here is that all of your three examples do use the LSM
networking hooks too. If two functions are to be called from the LSM
core (ie. the generic LSM one and the networking-LSM one) we get pretty
much the same problem back as if we multiple generic LSMs enabled.
> >Implementations using the LSM approach are TuxGuardian [0] and snet [1].
> >Code implementing the last mentioned approach can be found in git over
> >at [2] in the sactl-direct branch.
> >
> >[0] http://tuxguardian.sourceforge.net/
>
> tuxguardian is probably regardable as obsoleted by cn_net (if it's
> finished someday, or is it?) -- Samir probably knows more.
The tuxguardian developers seem to be interested in picking up
development again and as I wrote Samir has already been involved in this
discussion.
-- Stephan
next prev parent reply other threads:[~2009-01-20 18:56 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-20 17:48 RFC: Mandatory Access Control for sockets aka "personal firewalls" Stephan Peijnik
2009-01-20 18:24 ` Jan Engelhardt
2009-01-20 18:56 ` Stephan Peijnik [this message]
2009-01-20 20:15 ` Samir Bellabes
2009-01-20 20:31 ` Jan Engelhardt
2009-01-20 20:53 ` Paul Moore
2009-01-20 21:42 ` Samir Bellabes
2009-01-20 21:51 ` Paul Moore
2009-01-20 19:46 ` Jonathan Day
2009-01-20 21:01 ` Paul Moore
2009-01-21 0:54 ` Samir Bellabes
2009-01-21 1:18 ` Casey Schaufler
2009-01-21 3:14 ` Samir Bellabes
2009-01-20 20:47 ` Paul Moore
2009-01-20 23:48 ` Stephan Peijnik
2009-01-21 8:18 ` Samir Bellabes
2009-01-21 14:49 ` Paul Moore
2009-01-21 0:40 ` Samir Bellabes
-- strict thread matches above, loose matches on Subject: below --
2009-01-21 7:25 Rob Meijer
2009-01-21 8:15 ` Peter Dolding
2009-01-21 8:35 ` Jan Engelhardt
2009-01-21 9:32 Rob Meijer
2009-01-21 23:28 ` Peter Dolding
2009-01-22 0:50 ` Jonathan Day
2009-01-22 0:59 ` Casey Schaufler
2009-01-22 6:29 ` Jonathan Day
2009-01-22 13:46 ` Peter Dolding
2009-01-22 17:08 ` Jonathan Day
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1232477780.24943.116.camel@sp-laptop3.sp-local \
--to=stephan@peijnik.at \
--cc=jengelh@medozas.de \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=sam@synack.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).