Re: Any work in implementing Secure IPC for Linux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



* Kristian S?rensen ([email protected]) wrote:
> On Monday 09 May 2005 17:00, James Morris wrote:
> > On Mon, 9 May 2005, Kristian Sørensen wrote:
> > > Does anyone here know of work being done in order to implement secure IPC
> > > for Linux?
> >
> > What do you mean by secure IPC?
> As I understand it, presently the memory for the message queue is shared based 
> on user and group ownership of the process. By "secure IPC" is meaning a 
> security mechanism that provides a more fine granularity of specifying who 
> are allowed to send (or receive) messages... and maby also a way to resolve 
> the question of "Can I trust the message I received?"

There's hooks to handle this.  See the security blob in struct
kern_ipc_perm (which is embedded in the various SysV ipc structures),
and the associated security hooks to manage the labels and provide
access control to the ipc objects.  Also, AF_UNIX is handled with
security hooks (see the unix_ hooks).  From that point forward, it's up
to you to label and enforce access control.  SELinux has some supoort
for this type of access control.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux