Date: Mon, 9 May 2005 12:01:15 -0700
From: Chris Wright
To: Kristian Sørensen
Cc: Chris Friesen, James Morris, Linux Kernel Mailing List
Subject: Re: Any work in implementing Secure IPC for Linux?
Message-ID: <20050509190115.GA23013@shell0.pdx.osdl.net>
In-Reply-To: <200505092044.29440.ks@cs.aau.dk>

* Kristian Sørensen (ks@cs.aau.dk) wrote:
> On Monday 09 May 2005 19:54, Chris Friesen wrote:
> > How about unix sockets?
> > --you can have sockets in the filesystem namespace with regular file
> > permissions to control who is allowed to send messages to particular
> > addresses
> This is the same problem: Basing access control on user and group is not
> enough - especially as the root-user can overrule any access control
> specified by the normal DAC file attributes.

If you want the application involved/aware, you can still use finer
grained credentials, have a look at getpeersec.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net