Subject: Re: KAUTH_REQ_NETWORK_SOCKET_OPEN
To: Pavel Cahyna <pavel@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-kern
Date: 01/31/2007 23:09:20

On Wed, 31 Jan 2007 23:50:55 +0100
Pavel Cahyna <pavel@NetBSD.org> wrote:
> On Wed, Jan 31, 2007 at 01:05:40PM -0600, David Young wrote:
> > On Wed, Jan 31, 2007 at 10:29:55AM +0000, Iain Hibbert wrote:
> > > On Tue, 30 Jan 2007, David Young wrote:
> > >
> > > > On Wed, Jan 31, 2007 at 01:28:26AM +0100, Joerg Sonnenberger
> > > > wrote:
> > > > > 3. Make the check honour the domain of the socket?
> > > >
> > > > ISTR I had to do that for PF_ROUTE.
> > >
> > > Yeah, I saw that hardcoded exception..
> >
> > I think the 4.4BSD model may as well get another hard-coded
> > exception.
>
> Or the restriction could be removed from the 4.4BSD model completely
> and instead, every protocol should provide a listener to allow/deny
> opening of raw sockets (or any other sockets). It is the protocol who
> knows the security implications of its raw sockets.
>
Right -- that's a decent mechanism. But how is the policy
instantiated?
--Steve Bellovin, http://www.cs.columbia.edu/~smb
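
The per-protocol listener idea discussed in this thread, sketched as a userland C model. This is an added example, not part of the original message and not NetBSD kernel code. Every name in it (`listen_socket_open`, `authorize_socket_open`, `MODEL_PF_ROUTE`, the two listeners), the rule for combining verdicts and both policies are assumptions made for illustration; here each protocol's policy is simply the body of the callback it registers.

```c
#include <stdio.h>
#include <sys/socket.h>  /* AF_INET, SOCK_RAW, SOCK_STREAM */
/* Userland model; names are hypothetical, not the kernel's kauth(9) API. */
enum result { RESULT_DEFER, RESULT_ALLOW, RESULT_DENY };
struct cred { unsigned uid; };            /* stand-in for a credential */
typedef enum result (*listener_t)(const struct cred *, int domain, int type);

#define MODEL_PF_ROUTE 1000               /* constructed domain number */
#define MAX_LISTENERS 8
static listener_t listeners[MAX_LISTENERS];
static size_t nlisteners;

/* Each protocol registers its own listener, as proposed in the thread. */
int listen_socket_open(listener_t cb) {
    if (nlisteners == MAX_LISTENERS) return -1;
    listeners[nlisteners++] = cb;
    return 0;
}

/* Assumed combining rule: any DENY wins, else one ALLOW suffices;
 * if every listener defers, the open is refused (fail closed). */
int authorize_socket_open(const struct cred *c, int domain, int type) {
    int allow = 0;
    for (size_t i = 0; i < nlisteners; i++) {
        enum result r = listeners[i](c, domain, type);
        if (r == RESULT_DENY) return 0;
        if (r == RESULT_ALLOW) allow = 1;
    }
    return allow;
}

/* Hypothetical inet policy: raw sockets are root-only. */
enum result inet_listener(const struct cred *c, int domain, int type) {
    if (domain != AF_INET) return RESULT_DEFER;   /* not this protocol */
    return (type == SOCK_RAW && c->uid != 0) ? RESULT_DENY : RESULT_ALLOW;
}

/* Hypothetical routing-socket policy: any user may open one. */
enum result route_listener(const struct cred *c, int domain, int type) {
    (void)c; (void)type;
    return domain == MODEL_PF_ROUTE ? RESULT_ALLOW : RESULT_DEFER;
}

int main(void) {
    struct cred user = { 1000 };              /* constructed unprivileged uid */
    listen_socket_open(inet_listener);
    listen_socket_open(route_listener);
    printf("user raw inet: %d\n", authorize_socket_open(&user, AF_INET, SOCK_RAW));
    return 0;
}
```

A domain for which no listener speaks up is refused in this model, so a newly added protocol gets no raw sockets until it registers a policy of its own.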