On Thursday 12 September 2013 08:25:21 Pierre-Yves Chibon wrote:
> > Application should request the ports to be opened and the firewalld
> > layer should then confirm with the user stating which ports and
> > which app requested said ports. The app can't lie if the firewall
> > layer is the one asking for confirmation.
>
> But a malicious app can pretend to be another one, unless there is a way for
> the firewall to know which app is asking in a way that cannot be forged.

But there is a way:
* The firewall management software (firewalld?) would listen over
  a local stream socket.
* The requesting application would connect to this socket with
  SO_PASSCRED and send its request for ports.
* The firewall management software would ignore (and log) connections
  without SCM_CREDENTIALS.
* With SCM_CREDENTIALS you have uid, gid and pid of the caller.
* From pid you can find the real executable (/proc/pid/cmd).

Oh, and btw, when the client closes the connection (e.g. when it
terminates) we should close the requested ports so we don't leave unused
ports open for future malicious apps.

--
Oron Peled    Voice: +972-4-8228492
oron@xxxxxxxxxxxx    http://users.actcom.co.il/~oron
"Simplicity is prerequisite for reliability."
    -- Edsger Wybe Dijkstra
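The receiving side of the scheme proposed in the message above, as an added example that is not part of the original message and is not firewalld code: it reads the kernel-supplied SCM_CREDENTIALS, ignores and logs requests that lack them, and releases a client's ports on EOF. Assumptions: `PortBroker`, `peer_exe` and the space-separated port request format are hypothetical, the executable is resolved through the `/proc/<pid>/exe` symlink, and the user confirmation prompt is left out.

```python
import os
import socket
import struct

UCRED = struct.Struct("3i")  # Linux struct ucred: pid, uid, gid

def peer_exe(pid):
    """Executable behind pid, from the /proc/<pid>/exe symlink (None if gone)."""
    try:
        return os.readlink(f"/proc/{pid}/exe")
    except OSError:
        return None

class PortBroker:
    """Hypothetical daemon side: call handle() when a client socket is readable."""
    def __init__(self):
        self.granted = {}  # client socket -> ports opened on its behalf
        self.log = []      # ignored requests

    def handle(self, conn):
        data, anc, _flags, _addr = conn.recvmsg(256, socket.CMSG_SPACE(UCRED.size))
        if not data:  # EOF: client exited or closed, release what it held
            return {"closed": sorted(self.granted.pop(conn, set()))}
        creds = [UCRED.unpack(c[:UCRED.size]) for lvl, typ, c in anc
                 if lvl == socket.SOL_SOCKET and typ == socket.SCM_CREDENTIALS]
        if not creds:
            self.log.append("ignored: request without SCM_CREDENTIALS")
            return None
        pid, uid, gid = creds[0]
        toks = data.split()
        if not toks or not all(t.isdigit() and 0 < int(t) < 65536 for t in toks):
            self.log.append(f"ignored: malformed request from pid {pid}")
            return None
        # The user confirmation prompt would go here, showing this record.
        self.granted.setdefault(conn, set()).update(int(t) for t in toks)
        return {"pid": pid, "uid": uid, "gid": gid,
                "exe": peer_exe(pid), "ports": sorted(int(t) for t in toks)}

def demo():
    """Constructed exchange over a socketpair; this process plays both roles."""
    daemon, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    daemon.setsockopt(socket.SOL_SOCKET, socket.SO_PASSCRED, 1)
    broker = PortBroker()
    client.sendall(b"8080 8443")
    request = broker.handle(daemon)
    client.close()
    return request, broker.handle(daemon)  # second call sees EOF
```

The pid describes the sender at the time it wrote the request, so a daemon built this way should resolve the executable while the connection is still open and treat a missing `/proc` entry as a refusal.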