Hello.
Thank you for feedback.
I have some questions.
(1) Your module uses "struct security_operations" and
is registered with register_security().
TOMOYO also uses "struct security_operations" and
must be registered with register_security().
Can your module and TOMOYO coexist?
(2) Can your module handle incoming UDP's datagram too?
(3) How do you handle race window between security_socket_accept()
and sock->ops->accept()?
Samir Bellabes wrote:
> My approach is to get the informations regarding the socket from
> socket(), bind() and and accept() syscalls hooks.
> Pushing this informations to userspace. Here the user can refuse or
> accept the sycalls.
If a socket is shared by multiple processes and
the user said "Accept this connection" at security_socket_accept(),
the process does not always pick up what the user wanted to pick up
because there is no mutex between security_socket_accept() and
sock->ops->accept().
(4) If (3) is my misunderstanding (i.e. the user doesn't judge at security_socket_accept()),
it means that the user judges it before select() says "ready to accept".
Then ... what happens if a socket is shared by multiple programs?
The user has to judge without knowing which program will pick up this connection.
TOMOYO lets the user judge whether to accept or not
with knowing the program's name who picks up this connection.
I think getting information at socket(), bind() and accept() is helpful for detailed judgement,
but I think it doesn't solve race problem as long as the user judges *before* sock->ops->accept().
Regards.
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
