> I suspect that your UDP application did not have the SCM_UCRED
> socket option set before attempting to bind to an MLP port.
>
> Multi-level server applications are expected to respond with
> the security label that was attached to the original message
> from the client. UDP applications do this by getting the remote
> process credentials on a recvmsg() and providing those same
> credentials on a sendmsg() call. See
>
> "Using Multilevel Ports With UDP" in
> Solaris Trusted Extensions Developer's Guide
> http://docs.sun.com/app/docs/doc/819-0869/mlpsandudp?l=en&a=view
>
> Ken
>
Yes, you were right. Now I can bind to an MLP port with the SO_RECVUCRED option.

And I still have a question: on a Trusted Extensions gateway system, is there any MAC-Exempt equivalent, which means packets can be forwarded to a host with a default label dominated by the source host's label?

Thanks

YC Wang

_______________________________________________
security-discuss mailing list
[email protected]
