low-hanging fruit

Dave Jones davej at redhat.com
Tue Aug 21 18:25:45 UTC 2007


On Mon, Aug 20, 2007 at 02:07:35AM +0200, Lennart Poettering wrote:

 > > This probably needs UI love, and use of D-Bus instead of Unix sockets
 > > for the admin rights, but the idea is there.
 > 
 > Fieryfilter used the userspace QUEUE netfilter target to do its
 > work. That sucked big time, because if the user didn't click away his
 > dialogs quick enough the sender would repeat its packet which is
 > difficult to deal with if you don't want to accumulate dialogs for the
 > same packets. 
 > 
 > If someone wants to investigate the whole desktop firewall for Linux
 > thing a little more I think it would make more sense to write an LSM
 > module for the kernel that intercepts the socket calls (i.e.,
 > accept(), listen(), connect() and friends) and relays them to
 > userspace for a verdict. Would be much cleaner and simpler. And would
 > also be a good excuse to keep LSM in the kernel. ;-)
 > 
 > (Hmm, that could also be integrated with PolicyKit...)
 > 
 > Last time I looked it was difficult to stack LSMs, hence this all is
 > not trivial.

Something that's coming soon is an option to use SELinux without LSM
(paraphrasing, but it gets the idea across).  The stacking ability of
LSMs never really worked, and has been removed now afaik.
With the removal of LSM, SELinux gets a performance increase, and
also removes a bunch of potential attack vectors.

So adding new functionality based on LSM would be a mistake.

	Dave

-- 
http://www.codemonkey.org.uk




More information about the desktop mailing list