On Oct 24 2007 13:18, Crispin Cowan wrote: >Jan Engelhardt wrote: >> On Oct 24 2007 19:11, Simon Arlott wrote: >> >>> * (I've got a list of access rules which are scanned in order until one of >>> them matches, and an array of one bit for every port for per-port default >>> allow/deny - although the latter could be removed. >>> http://svn.lp0.eu/simon/portac/trunk/) >>> >> Besides the 'feature' of inhibiting port binding, >> is not this task of blocking connections something for a firewall? >> >So now you are criticizing his module. Arguing about the merits of >security semantics. This is exactly why Linus wanted LSM, so we don't >have to have these kinds of discussions, at least not on LKML :) This was a question. I was perfectly aware that iptables alone does not prohibit binding, and there are reasons to inhibit binding. But sometimes, a coder does not know where to start - chances are, that someone else wanting to do bind(2) inhibiting is doing it with a syscall table change. Or coder did not notice that a firewall is sufficient for the task to be achieved (which is not always the case - hence the question). - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
- From: Casey Schaufler <[email protected]>
- Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
- References:
- Re: LSM conversion to static interface
- From: Linus Torvalds <[email protected]>
- Re: LSM conversion to static interface
- From: Andreas Gruenbacher <[email protected]>
- Re: LSM conversion to static interface
- From: Linus Torvalds <[email protected]>
- Re: LSM conversion to static interface
- From: Jan Engelhardt <[email protected]>
- Re: LSM conversion to static interface
- From: James Morris <[email protected]>
- Re: LSM conversion to static interface [revert patch]
- From: Arjan van de Ven <[email protected]>
- Re: LSM conversion to static interface [revert patch]
- From: Chris Wright <[email protected]>
- Re: LSM conversion to static interface [revert patch]
- From: Jeremy Fitzhardinge <[email protected]>
- Re: LSM conversion to static interface [revert patch]
- From: Arjan van de Ven <[email protected]>
- Linux Security *Module* Framework (Was: LSM conversion to static interface
- From: "Simon Arlott" <[email protected]>
- Re: Linux Security *Module* Framework (Was: LSM conversion to static interface
- From: Adrian Bunk <[email protected]>
- Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
- From: Simon Arlott <[email protected]>
- Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
- From: Jan Engelhardt <[email protected]>
- Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
- From: Crispin Cowan <[email protected]>
- Re: LSM conversion to static interface
- Prev by Date: RAID 10 w AHCI w NCQ = Spurius I/O error
- Next by Date: Re: [uml-devel] User Mode Linux still doesn't build in 2.6.23-final.
- Previous by thread: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
- Next by thread: Re: Linux Security *Module* Framework (Was: LSM conversion to static interface)
- Index(es):
 |