Firewall blocking desktop features

Oron Peled oron at actcom.co.il
Thu Sep 12 07:01:25 UTC 2013


On Thursday 12 September 2013 08:25:21 Pierre-Yves Chibon wrote:
> > Application should request the ports to be opened and the firewalld
> > layer should then confirm with the user stating which ports and
> > which app requested said ports.  The app can't lie if the firewall
> > layer is the one asking for confirmation.
> 
> But a malicious app can pretend to be another one, unless there is a way for
> the firewall to know which app is asking in a way that cannot be forged.

But there is a way:
 * The firewall management software (firewalld?) would listen over a
   local stream socket.
 * The requesting application would connect to this socket with SO_PASSCRED
   and send its request for ports.
 * The firewall management software would ignore (and log) connections
   without SCM_CREDENTIALS.
 * with SCM_CREDETIALS you have uid, gid and pid of the caller.
 * From pid you can find the real executable (/proc/pid/cmd).

Oh, and btw, when the client closes the connection (e.g: when it terminates)
we should close the requested ports so we don't leave unused ports open for 
future malicious apps.

-- 
Oron Peled                                 Voice: +972-4-8228492
oron at actcom.co.il                  http://users.actcom.co.il/~oron
"Simplicity is prerequisite for reliability."
                        -- Edsger Wybe Dijkstra



More information about the devel mailing list