Re: Raw sockets (Re: Security Concern)

To: Matt Zimmerman <mdz@debian.org>
Cc: Nick Menchise <nmenchise@optushome.com.au>, debian-project@lists.debian.org
Subject: Re: Raw sockets (Re: Security Concern)
From: Sam Hartman <hartmans@debian.org>
Date: 05 Jul 2001 14:34:09 -0400
Message-id: <[🔎] tslvgl7mdi6.fsf@loggerhead.mekinok.com>
In-reply-to: <[🔎] 20010705042622.P3411@alcor.net>
References: <[🔎] 3B43FFD1.702021C5@optushome.com.au> <[🔎] 20010705042622.P3411@alcor.net>

>>>>> "Matt" == Matt Zimmerman <mdz@debian.org> writes:


    Matt> Restriction of raw sockets to processes with root privileges
    Matt> is the only meaningful security measure that can be applied,
    Matt> short of running the OS out of ROM.


This is not strictly true.  Mandentory access controls could provide
reasonable added security to reduce the chances that a security policy
preventing raw sockets could be violated.  A paper was presented at
last week's Usenix conference on Lomac, a open-source module from NAI
Labs that actually seemed reasonable for moderately paranoid
installations.  Unlike previous MAC proposals I had seen, I could
believe that I could get real work done with the module installed
while still seeing a security improvement.

Unfortunately, I couldn't find a website for the module.  Google
indicated several potential candidates but the ftp site on tislabs.com
and the home page on opensourcedirectory were both down at the time.

Reply to:

References:
- Security Concern
  - From: Nick Menchise <nmenchise@optushome.com.au>
- Raw sockets (Re: Security Concern)
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Info
Next by Date: Re: Raw sockets (Re: Security Concern)
Previous by thread: Raw sockets (Re: Security Concern)
Next by thread: Re: Raw sockets (Re: Security Concern)
Index(es):
- Date
- Thread