Re: Secure-linux and standard kernel

Alan Cox (alan@lxorguk.ukuu.org.uk)
Thu, 25 Jun 1998 22:29:21 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Erik Corry: "Re: Thread implementations..."
Previous message: Rik van Riel: "glibc and kernel update"
In reply to: Vojtech Pavlik: "Re: uniform input device packets?"

> 2. reliance on the binary for behaving well - what if someone breaks in and
> changes the binary not to call this?

If your file permissions are right that would need root and its
the least of your problem then

> I think a more "generic" solution would be to attach access control to
> sockets, e.g. have /dev/tcp/1-65535, /dev/raw/, /dev/udp, /dev/icmp
> (?) as special device files (only creat inodes for sockets with

Sockets are only a microscopic fraction of the issues involved. File
permissions on socket 'dev' files is elegant but specialised to one
networking protocol alone

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: Erik Corry: "Re: Thread implementations..."
Previous message: Rik van Riel: "glibc and kernel update"
In reply to: Vojtech Pavlik: "Re: uniform input device packets?"