On 08/20/10 02:11 PM, YC Wang wrote:
I suspect that your UDP application did not have the SCM_UCRED
socket option set before attempting to bind to an MLP port.

Multi-level server applications are expected to respond with
the security label that was attached to the original message
from the client. UDP applications do this by getting the remote
process credentials on a recvmsg() and providing those same
credentials on a sendmsg() call. See

"Using Multilevel Ports With UDP" in
Solaris Trusted Extensions Developer's Guide
http://docs.sun.com/app/docs/doc/819-0869/mlpsandudp?l=en&a=view

Ken
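
The recvmsg()/sendmsg() round trip Ken describes, as an added example that is not part of this thread or of the Trusted Extensions Developer's Guide. The socket option that has to be in place before bind() is SO_RECVUCRED; SCM_UCRED is the ancillary-data type under which the sender's credentials then arrive, and the same type is used to hand them back on the reply. The ucred_t payload is treated as opaque bytes, which is all an echo server needs. Assumptions, all mine: the function names, the placeholder SCM_UCRED value used only so the cmsg code compiles on non-Solaris hosts (a Trusted Extensions system takes the real value from <sys/socket.h>), and the fake credential bytes in demo_roundtrip(), which are constructed test data rather than a real ucred_t.

```c
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#ifndef SCM_UCRED          /* Solaris <sys/socket.h> defines this; the value below is a  */
#define SCM_UCRED 0x7f01   /* placeholder (assumption) so the cmsg code builds elsewhere */
#endif

/* Copy the SCM_UCRED record of a received msghdr into out (the ucred_t payload is opaque
 * bytes to hand back on sendmsg()). Returns its length, 0 if absent, -1 if it won't fit. */
ssize_t extract_ucred(struct msghdr *msg, void *out, size_t out_cap)
{
    for (struct cmsghdr *cm = CMSG_FIRSTHDR(msg); cm != NULL; cm = CMSG_NXTHDR(msg, cm)) {
        if (cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_UCRED)
            continue;                                   /* skip SCM_RIGHTS etc. */
        size_t len = cm->cmsg_len - CMSG_LEN(0);
        if (len > out_cap) return -1;
        memcpy(out, CMSG_DATA(cm), len);
        return (ssize_t)len;
    }
    return 0;
}

/* Build the reply's control buffer: one SCM_UCRED record carrying exactly the credentials
 * that were received. Returns the bytes used, or 0 if buf is too small. */
size_t build_ucred_control(const void *ucred, size_t ucred_len, void *buf, size_t buf_cap)
{
    size_t need = CMSG_SPACE(ucred_len);
    struct msghdr tmp = { 0 };
    struct cmsghdr *cm;
    if (need > buf_cap) return 0;
    memset(buf, 0, need);
    tmp.msg_control = buf; tmp.msg_controllen = need;
    cm = CMSG_FIRSTHDR(&tmp);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_UCRED;
    cm->cmsg_len = CMSG_LEN(ucred_len);
    memcpy(CMSG_DATA(cm), ucred, ucred_len);
    return need;
}

/* Serve one datagram on an MLP UDP port: receive with the sender's credentials and echo the
 * data back with those same credentials attached, so the reply carries the client's label.
 * Does real work only where SO_RECVUCRED exists (Solaris Trusted Extensions); else -1. */
int serve_one(int port)
{
#ifdef SO_RECVUCRED
    int s = socket(AF_INET, SOCK_DGRAM, 0), on = 1;
    struct sockaddr_in me = { 0 }, peer;
    char data[1500], ctl[1024], rctl[1024], ucred[512];
    struct iovec iov = { data, sizeof data };
    struct msghdr msg = { 0 };
    ssize_t n, ulen;
    if (s < 0) return -1;
    if (setsockopt(s, SOL_SOCKET, SO_RECVUCRED, &on, sizeof on) < 0) goto fail; /* before bind() */
    me.sin_family = AF_INET; me.sin_addr.s_addr = htonl(INADDR_ANY); me.sin_port = htons((unsigned short)port);
    if (bind(s, (struct sockaddr *)&me, sizeof me) < 0) goto fail;
    msg.msg_name = &peer;   msg.msg_namelen = sizeof peer;
    msg.msg_iov = &iov;     msg.msg_iovlen = 1;
    msg.msg_control = ctl;  msg.msg_controllen = sizeof ctl;
    if ((n = recvmsg(s, &msg, 0)) < 0) goto fail;
    ulen = extract_ucred(&msg, ucred, sizeof ucred);
    if (ulen <= 0) goto fail;                           /* request carried no label: do not answer */
    iov.iov_len = (size_t)n; msg.msg_control = rctl;    /* echo the payload */
    msg.msg_controllen = build_ucred_control(ucred, (size_t)ulen, rctl, sizeof rctl);
    if (msg.msg_controllen == 0 || sendmsg(s, &msg, 0) < 0) goto fail;
    close(s); return 0;
fail:
    close(s); return -1;
#else
    (void)port; return -1;
#endif
}

/* Offline round trip on a constructed control buffer (fake credential bytes, not a real ucred_t):
 * SCM_RIGHTS first, SCM_UCRED second, so the unrelated record must be skipped. Returns the
 * credential length that survives extract -> build -> extract, or -1 on any mismatch. */
ssize_t demo_roundtrip(void)
{
    static const unsigned char fake[] = { 0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03 };
    char ctl[256], rctl[256], got[64], again[64];
    struct msghdr m = { 0 };
    struct cmsghdr *cm;
    ssize_t n1, n2;
    int fd = 3;
    memset(ctl, 0, sizeof ctl); m.msg_control = ctl;
    m.msg_controllen = CMSG_SPACE(sizeof fd) + CMSG_SPACE(sizeof fake);
    cm = CMSG_FIRSTHDR(&m);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_RIGHTS; cm->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(cm), &fd, sizeof fd);
    cm = CMSG_NXTHDR(&m, cm);
    cm->cmsg_level = SOL_SOCKET; cm->cmsg_type = SCM_UCRED; cm->cmsg_len = CMSG_LEN(sizeof fake);
    memcpy(CMSG_DATA(cm), fake, sizeof fake);
    n1 = extract_ucred(&m, got, sizeof got);
    if (n1 != (ssize_t)sizeof fake || memcmp(got, fake, sizeof fake) != 0) return -1;
    m.msg_control = rctl;
    m.msg_controllen = build_ucred_control(got, (size_t)n1, rctl, sizeof rctl);
    n2 = extract_ucred(&m, again, sizeof again);
    return (n2 == n1 && memcmp(again, fake, sizeof fake) == 0) ? n2 : -1;
}
```

There is deliberately no main(): on a Trusted Extensions host, call serve_one() with the MLP port number from a small main of your own; demo_roundtrip() exercises the ancillary-data handling offline on any POSIX system and returns 7, the length of the constructed credential bytes. Two design choices worth noting: a request that arrives without an SCM_UCRED record is dropped rather than answered, since a reply without the client's credentials would not carry the client's label, and the credentials are copied back byte-for-byte without being interpreted, which is all the echo path needs and avoids depending on the ucred_t accessor functions.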


Yes, you were right. Now I can bind to an MLP port with the SO_RECVUCRED option.

And I still have a question: on a Trusted Extensions gateway system,
is there any MAC-Exempt equivalent, which means packets can be
forwarded to a host with a default label dominated by the source
host's label?


Thanks
YC Wang

No.

The thought behind MAC-Exempt is to allow for "read-only"
operations to an unlabeled server that operates at a lower
security label from the client application. The message text
exchanged between the systems in both directions is controlled
as if it were marked with the unlabeled server's security
label.

There is no way for an IP-level gateway system to know what
constitutes a "read-only" request without cracking open
application-level information. For this reason, Trusted
Extensions gateways enforce an exact label match when forwarding
a packet to an unlabeled node.

Ken
_______________________________________________
security-discuss mailing list