[redhat-lspp] Labeled networking MLS constraints?
Paul Moore
paul.moore at hp.com
Tue Oct 17 15:43:43 UTC 2006
Venkat Yekkirala wrote:
>>> I'm confused here - assuming that it's a TCP connection and the handshake
>>> packets indicate that the connection's MLS label doesn't permit
>>> communication with the process, what happens? Does the accept() call
>>> fail, or does it succeed and the socket gets created anyway (with the
>>> connection's MLS label), but any attempt to read/write from the socket
>>> then fails?
>>
>> You got it, the access check on the accept() call depends on the context of
>> the current process/domain and the parent socket's type. Due to some
>> limitations in the placement of the LSM accept hook and the nature of the
>> network stack it's just not possible with the code we have today to block
>> access at the accept() syscall.
>>
>> We might be able to do this if we added/modified some LSM hooks but I don't
>> think that is reasonable to expect in the RHEL5 timeframe we are facing.
>
> Actually, if the incoming SYN can't be received by the listening
> socket, the handshake should fail at that point in time (as enforced
> in selinux_sock_rcv_skb). No child sock should be created. Have you
> noticed a different behavior?
I thought there was part of the initial handshake that would get skipped over by
sock_rcv_skb() because either skb->sk_socket was NULL or the socket didn't have
a SID assigned yet. If that isn't the case then I think Klaus is your new
best friend :)
--
paul moore
linux security @ hp