From: Samir Bellabes <sam@synack.fr>
To: imipak@yahoo.com
Cc: linux-security-module <linux-security-module@vger.kernel.org>,
Stephan Peijnik <stephan@peijnik.at>,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: RFC: Mandatory Access Control for sockets aka "personal firewalls"
Date: Wed, 21 Jan 2009 01:54:00 +0100 [thread overview]
Message-ID: <m28wp532dz.fsf@ssh.synack.fr> (raw)
In-Reply-To: <317242.47729.qm@web31508.mail.mud.yahoo.com> (Jonathan Day's message of "Tue, 20 Jan 2009 11:46:43 -0800 (PST)")
Jonathan Day <imipak@yahoo.com> writes:
> --- On Tue, 1/20/09, Stephan Peijnik <stephan@peijnik.at> wrote:
[...]
>> This means personal firewalls should not enforce system
>> security policy,
>> but rather a per-user security policy.
>> The implementations can then add caching of decisions made
>> (ie.
>> "remember this decision") and thus not ask every
>> time a call is made.
>> Also, the only protocols to be supported are IPv4 and IPv6.
>> Adding
>> support for AF_UNIX and/or AF_NETLINK doesn't make much
>> sense, as this
>> is not network-related and would only increase the amount
>> of work a
>> personal firewall implementation has to do.
>
> I agree that Unix and Netlink would not be useful, but there are other socket types that are LAN- or WAN-based, and I'd not be too quick to implement anything that precluded them being covered. (There's a difference between designing code in a way that makes extending it hard and actually implementing other network types, so only implementing IPv4 and IPv6 on a framework that could be extended by anyone deeply passionate about other protocls makes sense -- unless implementing it that way would be so much harder that it's pointless.)
Exactly, and the cost for the kernel subsystem and the userspace low
level part should only be adding the new elements for sending usefull
informations to the userspace and wait for verdict, but the cost for the
'personnal firewall' developper is higher (how this protocol is
interacting with others ? etc etc)
>> All proposed implementations of personal firewalls until
>> now have made
>> it rather clear that the decision-making logic should be
>> placed in
>> userspace, whilst only a small piece of code communicating
>> with a
>> userspace daemon should be placed in the kernel itself.
>
> Well, it has probably not been a significant factor in anyone's decision, but it occurs to me that per-process firewalling within the kernel makes the "per-process" bit much more complicated and would not work at all using any of the zerocopy or kernel bypass networking mechanisms.
we don't need this at all, as we are in process context, syscall can
sleep.
Trust me, it's strange to have it's web browser freezing waiting for a
timeout if the userspace part doesn't reply, but if it's replying, it's
transparent.
sam
next prev parent reply other threads:[~2009-01-21 0:54 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-20 17:48 RFC: Mandatory Access Control for sockets aka "personal firewalls" Stephan Peijnik
2009-01-20 18:24 ` Jan Engelhardt
2009-01-20 18:56 ` Stephan Peijnik
2009-01-20 20:15 ` Samir Bellabes
2009-01-20 20:31 ` Jan Engelhardt
2009-01-20 20:53 ` Paul Moore
2009-01-20 21:42 ` Samir Bellabes
2009-01-20 21:51 ` Paul Moore
2009-01-20 19:46 ` Jonathan Day
2009-01-20 21:01 ` Paul Moore
2009-01-21 0:54 ` Samir Bellabes [this message]
2009-01-21 1:18 ` Casey Schaufler
2009-01-21 3:14 ` Samir Bellabes
2009-01-20 20:47 ` Paul Moore
2009-01-20 23:48 ` Stephan Peijnik
2009-01-21 8:18 ` Samir Bellabes
2009-01-21 14:49 ` Paul Moore
2009-01-21 0:40 ` Samir Bellabes
-- strict thread matches above, loose matches on Subject: below --
2009-01-21 7:25 Rob Meijer
2009-01-21 8:15 ` Peter Dolding
2009-01-21 8:35 ` Jan Engelhardt
2009-01-21 9:32 Rob Meijer
2009-01-21 23:28 ` Peter Dolding
2009-01-22 0:50 ` Jonathan Day
2009-01-22 0:59 ` Casey Schaufler
2009-01-22 6:29 ` Jonathan Day
2009-01-22 13:46 ` Peter Dolding
2009-01-22 17:08 ` Jonathan Day
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m28wp532dz.fsf@ssh.synack.fr \
--to=sam@synack.fr \
--cc=imipak@yahoo.com \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=stephan@peijnik.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).