mac_portacl(4) minor bugfix

Kenny Freeman freeman at cs.dal.ca
Tue Jan 20 23:30:28 GMT 2004


I'm curious if there exists the functionality to have bind requests that are 
allowed or denied sent to syslog or some such facility? PID and other 
information would be handy.

-Kenny

On January 20, 2004 01:39 pm, Robert Watson wrote:
> On Tue, 20 Jan 2004, Simon L. Nielsen wrote:
> > The last couple of days I have been playing around with the
> > mac_portacl(4) module.  I made a small test program so I can do
> > regression tests when I actually start to play around with enhancing the
> > code.  I made some small tests to make sure I understood exactly how the
> > module works, and I found a small bug in the existing code.
> >
> > The security.mac.portacl.enabled sysctl doesn't do anything.  I would
> > expect it to disable the module's operation, if set to 0, but the module
> > never checks the value of the sysctl.  I have attached a patch that
> > fixes the problem, but I'm not sure if it's "the right way" to handle
> > it.
>
> Merged, thanks!  It looks good to me.
>
> > I also found out that the mac_portacl(4) manual page doesn't really
> > describe everything about the module, so I'm working on updating it.
> > Stay tuned for a patch :-).
>
> Wonderful.  Something that does need to be documented is that
> mac_portacl(4) can only control the explicit binding of ports, not
> implicit binding using '0' as a requested port.  This means that the
> IP_PORTRANGE values documented in ip(4) need to be taken into account (and
> possibly set) to be in accordance with the policy.
>
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
> robert at fledge.watson.org      Senior Research Scientist, McAfee Research
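Added example, not part of the thread and not TrustedBSD project code: one way to check the point in Robert Watson's reply, that a port covered by a mac_portacl rule can still be handed out by an implicit (port 0) bind if it lies inside one of the IP_PORTRANGE ranges. The rule syntax follows mac_portacl(4); the function names, rule string and range values are constructed for illustration.

```python
# Added example: audit mac_portacl rules against the implicit-bind port ranges.
# Rule syntax (idtype:id:protocol:port) follows mac_portacl(4); every value
# below is a constructed sample, not data from the thread or a real host.

# Ranges the kernel may pick from when a socket binds to port 0, keyed by the
# IP_PORTRANGE_* setting from ip(4). On a live system read them from the
# net.inet.ip.portrange.* sysctls instead of hard-coding them.
SAMPLE_RANGES = {
    "IP_PORTRANGE_DEFAULT": (1024, 5000),
    "IP_PORTRANGE_HIGH": (49152, 65535),
    "IP_PORTRANGE_LOW": (1023, 600),  # counts downward, so first > last
}
SAMPLE_RULES = "uid:80:tcp:80,uid:80:tcp:443,gid:1001:tcp:3306,uid:1002:udp:53"


def parse_rules(rules):
    """Parse a security.mac.portacl.rules string into (idtype, id, proto, port)."""
    parsed = []
    for item in (r.strip() for r in rules.split(",")):
        if not item:
            continue
        parts = item.split(":")
        if len(parts) != 4:
            raise ValueError(f"malformed rule: {item!r}")
        idtype, ident, proto, port = parts
        if idtype not in ("uid", "gid") or proto not in ("tcp", "udp"):
            raise ValueError(f"unknown idtype or protocol: {item!r}")
        if not 0 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {item!r}")
        parsed.append((idtype, int(ident), proto, int(port)))
    return parsed


def implicit_exposure(rules, ranges):
    """Return (rule, range_name) for each ruled port that also lies inside a
    range the kernel assigns from on a bind with port 0."""
    findings = []
    for rule in parse_rules(rules):
        for name, (first, last) in ranges.items():
            if min(first, last) <= rule[3] <= max(first, last):
                findings.append((rule, name))
    return findings


if __name__ == "__main__":
    for rule, name in implicit_exposure(SAMPLE_RULES, SAMPLE_RANGES):
        print("port %d (%s:%d, %s) lies inside %s" %
              (rule[3], rule[0], rule[1], rule[2], name))
```

With the sample data only the 3306 rule is reported; moving the range or the service port so they no longer overlap clears the finding.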
