OK, thank you for the quick answer. Now everything is clear.
--
Sebastian Pfaff
On 07.04.2009 at 18:38, Stephen Smalley wrote:
It doesn't make sense to use a port in the local port range as a
well-defined service port since such a port can be allocated at any
time for an unbound socket upon a send or connect. Thus, it didn't seem
useful to try to control the name binding of such ports - the port
numbers in that range (should) have no inherent meaning tied to them,
and thus spoofing them is of no interest. You can already prevent a
process from creating INET sockets altogether (create permission), or
prevent them from using bind(2) altogether (bind permission). You can
also use secmark to e.g. label all packets destined for a given port
with a given type, and then use policy to prevent receipt of such
packets on sockets in certain domains.
Regardless, if you truly wanted name_bind applied to all ports and you
wanted to avoid trivial circumvention by way of calling send* on an
unbound socket, then someone would need to modify the TCP and UDP
get_port functions to invoke a LSM hook to filter/select the ports
returned for auto-binding. Merely checking name_bind in
selinux_socket_bind() for such ports wouldn't be sufficient.
--
Stephen Smalley
National Security Agency
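The two user-space paths Stephen contrasts can be seen directly with a small program. The following is an added example written for this page, not code from the thread or from the SELinux tree: it reads the local (ephemeral) port range from /proc/sys/net/ipv4/ip_local_port_range, then obtains a local port once via connect(2) on a socket that was never bound (the kernel auto-binds it through udp get_port, so selinux_socket_bind() and name_bind are never consulted for that port) and once via an explicit bind(2), which is the call name_bind would see. It assumes a Linux host with loopback up, uses UDP port 9 on 127.0.0.1 as a harmless connect target (a UDP connect sends no packet), and falls back to the 32768-60999 default if /proc cannot be read; it does not exercise SELinux policy itself.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse the "lo<ws>hi" text of /proc/sys/net/ipv4/ip_local_port_range.
 * Returns 0 on success, -1 if it is not two sane ports with lo <= hi. */
int parse_local_port_range(const char *text, int *lo, int *hi)
{
    int a, b;
    if (sscanf(text, "%d %d", &a, &b) != 2) return -1;
    if (a < 1 || b > 65535 || a > b) return -1;
    *lo = a;
    *hi = b;
    return 0;
}

/* Read the live range from /proc (assumed path; -1 if unreadable). */
int read_local_port_range(int *lo, int *hi)
{
    char buf[64];
    FILE *f = fopen("/proc/sys/net/ipv4/ip_local_port_range", "r");
    if (!f) return -1;
    if (!fgets(buf, sizeof buf, f)) { fclose(f); return -1; }
    fclose(f);
    return parse_local_port_range(buf, lo, hi);
}

int in_local_port_range(int port, int lo, int hi)
{
    return port >= lo && port <= hi;
}

/* Ask the kernel which local port a socket ended up with. */
static int local_port_of(int fd)
{
    struct sockaddr_in sin;
    socklen_t len = sizeof sin;
    if (getsockname(fd, (struct sockaddr *)&sin, &len) < 0) return -1;
    return ntohs(sin.sin_port);
}

/* Path 1: never call bind(2). connect(2) on an unbound UDP socket makes the
 * kernel auto-bind it from the local port range (udp get_port); the LSM sees
 * only the connect, not a name_bind for the port it picked. Returns that
 * port, or -1 on error. */
int autobind_udp_port(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in peer = {0};
    peer.sin_family = AF_INET;
    peer.sin_port = htons(9);                  /* discard; nothing is sent */
    peer.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int port = -1;
    if (connect(fd, (struct sockaddr *)&peer, sizeof peer) == 0)
        port = local_port_of(fd);
    close(fd);
    return port;
}

/* Path 2: explicit bind(2) to 'port' (0 lets get_port choose). This is the
 * call selinux_socket_bind() sees and where name_bind would be checked. */
int explicit_bind_udp_port(int port)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in me = {0};
    me.sin_family = AF_INET;
    me.sin_port = htons((unsigned short)port);
    me.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int got = -1;
    if (bind(fd, (struct sockaddr *)&me, sizeof me) == 0)
        got = local_port_of(fd);
    close(fd);
    return got;
}

int main(void)
{
    int lo, hi;
    if (read_local_port_range(&lo, &hi) != 0) { lo = 32768; hi = 60999; }
    int p1 = autobind_udp_port();
    int p2 = explicit_bind_udp_port(0);
    printf("local port range: %d-%d\n", lo, hi);
    printf("connect() without bind(): port %d (%s local range)\n", p1,
           in_local_port_range(p1, lo, hi) ? "inside" : "outside");
    printf("bind() to port 0:         port %d (%s local range)\n", p2,
           in_local_port_range(p2, lo, hi) ? "inside" : "outside");
    return 0;
}
```

Both ports come back from the same local range, which is the point of the reply: a name_bind rule on that range would stop only the second path, while a process that skips bind(2) and goes straight to connect or send* gets an equivalent port with no name_bind check at all. To also cover the first path, the filtering has to happen where get_port chooses the port, as the message says.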
--
This message was distributed to subscribers of the selinux mailing list.