I really don't like this idea. It's certainly easier to implement than the
"nice" way, and maybe it's good in the meantime, but it would require:
1. maintenance of separate source code for Linux binaries (or asking the
"upstream maintainers" to insert this code)
2. reliance on the binary for behaving well - what if someone breaks in and
changes the binary not to call this?
3. the admin can't control things in an administrative way
I think a more "generic" solution would be to attach access control to
sockets, e.g. have /dev/tcp/1-65535, /dev/raw/, /dev/udp, /dev/icmp
(?) as special device files (only create inodes for sockets with
special access control) and set the owner/group/permissions like any
other file. If such a file exists then use its permissions, if not
then resort back to the standard method (root-only for raw and TCP/UDP
sockets less than 1024, open for everyone else (?) on other sockets)
You can even link the same i-node with all ports with identical access
permissions to save inode consumption.
What do you think?
Cheers,
--Amos
--Amos Shapira | "Of course Australia was marked for
133 Shlomo Ben-Yosef st. | glory, for its people had been chosen
Jerusalem 93 805 | by the finest judges in England."
ISRAEL amos@gezernet.co.il | -- Anonymous
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
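The per-port permission scheme proposed in the message above, as an added illustration that is not the author's code: a user-space model in which each port has a special file whose owner, group and mode decide who may use it, with the classic root-only rule as the fallback when no file exists, and two ports sharing one inode via a hard link. It assumes plain files in a temporary directory stand in for device nodes under /dev (an unprivileged demo cannot mknod or chown), that the right to use a port is the inode's write bit, and that the constructed uids 1000 and 0 represent an ordinary user and root.

```c
/* Added illustration, not the proposal author's code: a user-space model of
 * the per-port access control sketched in the message. Plain files in a
 * temporary directory stand in for /dev/tcp/<port> device nodes, and the
 * right to use a port is modelled as the inode's write bit. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum proto { PROTO_TCP, PROTO_UDP, PROTO_RAW };
static const char *PROTO_DIR[] = { "tcp", "udp", "raw" };

/* "<root>/<proto>/<port>": the message's /dev/tcp/<port> idea, rooted elsewhere. */
static void node_path(char *buf, size_t n, const char *root, enum proto p, int port)
{
    snprintf(buf, n, "%s/%s/%d", root, PROTO_DIR[p], port);
}

/* Fallback when no special file exists: raw sockets and TCP/UDP ports below
 * 1024 stay root-only, every other port is open to everyone. */
static int default_allowed(enum proto p, int port, uid_t uid)
{
    if (p == PROTO_RAW || port < 1024)
        return uid == 0;
    return 1;
}

/* May caller (uid, gid) use protocol:port? If a special file exists, its
 * owner/group/mode decide exactly as for any other file (root bypasses the
 * mode bits); otherwise the classic rule above applies. */
static int socket_allowed(const char *root, enum proto p, int port, uid_t uid, gid_t gid)
{
    char path[PATH_MAX];
    struct stat st;

    node_path(path, sizeof path, root, p, port);
    if (stat(path, &st) != 0)
        return default_allowed(p, port, uid);
    if (uid == 0)
        return 1;
    if (st.st_uid == uid)
        return (st.st_mode & S_IWUSR) != 0;
    if (st.st_gid == gid)
        return (st.st_mode & S_IWGRP) != 0;
    return (st.st_mode & S_IWOTH) != 0;
}

/* Create the special file for one port with an exact mode (chmod defeats the
 * umask); the creating user becomes its owner. Returns 0 on success. */
static int make_node(const char *root, enum proto p, int port, mode_t mode)
{
    char path[PATH_MAX];
    node_path(path, sizeof path, root, p, port);
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
    if (fd < 0)
        return -1;
    close(fd);
    return chmod(path, mode);
}

/* Share one inode between two ports ("link the same i-node"), so they always
 * carry identical permissions. */
static int link_node(const char *root, enum proto p, int from, int to)
{
    char a[PATH_MAX], b[PATH_MAX];
    node_path(a, sizeof a, root, p, from);
    node_path(b, sizeof b, root, p, to);
    return link(a, b);
}

/* Worked scenario on a throwaway tree. Returns a bitmask of decisions, or -1
 * if setup fails. Constructed uids 1000 (ordinary user) and 0 (root) are used
 * wherever no file is involved, so the result does not depend on who runs it. */
static int demo_scenario(void)
{
    char root[] = "/tmp/sockperm-XXXXXX", path[PATH_MAX];
    uid_t me = getuid(), other = me + 1;   /* "other" is never root */
    gid_t mg = getgid(), og = mg + 1;
    int r = -1;

    if (!mkdtemp(root))
        return -1;
    for (int i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", root, PROTO_DIR[i]);
        if (mkdir(path, 0700) != 0)
            goto out;
    }
    /* Port 80 is handed to the creating user alone; 8080 shares its inode. */
    if (make_node(root, PROTO_TCP, 80, 0600) != 0 || link_node(root, PROTO_TCP, 80, 8080) != 0)
        goto out;
    r = 0;
    if (socket_allowed(root, PROTO_TCP, 80, me, mg))       r |= 1;   /* owner, port 80 */
    if (socket_allowed(root, PROTO_TCP, 8080, me, mg))     r |= 2;   /* owner, linked 8080 */
    if (socket_allowed(root, PROTO_TCP, 80, other, og))    r |= 4;   /* stranger: denied */
    if (socket_allowed(root, PROTO_TCP, 22, 1000, 1000))   r |= 8;   /* no file, <1024: denied */
    if (socket_allowed(root, PROTO_TCP, 5000, 1000, 1000)) r |= 16;  /* no file, high port: open */
    if (socket_allowed(root, PROTO_RAW, 0, 1000, 1000))    r |= 32;  /* raw, no file: denied */
    if (socket_allowed(root, PROTO_TCP, 22, 0, 0))         r |= 64;  /* root keeps port 22 */
    /* The admin opens port 80 to everyone; 8080 follows, being the same inode. */
    node_path(path, sizeof path, root, PROTO_TCP, 80);
    if (chmod(path, 0666) == 0 && socket_allowed(root, PROTO_TCP, 8080, other, og))
        r |= 128;
out:
    node_path(path, sizeof path, root, PROTO_TCP, 80);   unlink(path);
    node_path(path, sizeof path, root, PROTO_TCP, 8080); unlink(path);
    for (int i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", root, PROTO_DIR[i]);
        rmdir(path);
    }
    rmdir(root);
    return r;
}

int main(void)
{
    printf("decision bitmask: %d\n", demo_scenario());   /* prints 211 */
    return 0;
}
```

The bitmask is read as: bits 1 and 2 show the owner using port 80 and its linked twin 8080, bit 16 and bit 64 show the untouched defaults (a high port open to anyone, port 22 still root's), and bit 128 shows that a single chmod on the shared inode changed 8080 as well; the cleared bits 4, 8 and 32 are the denials. Missing from this model, as the message itself notes, is the question of which point in the kernel's bind/socket path would perform this lookup.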