[OLPC Security] Please read the spec and the discussion first, thanks.

Albert Cahalan acahalan at gmail.com
Tue Dec 4 13:11:35 EST 2007


On Dec 3, 2007 10:58 PM, Carl-Daniel Hailfinger
<c-d.hailfinger.devel.2006 at gmx.net> wrote:
> On 01.12.2007 07:55, Albert Cahalan wrote:
> > Marcus Leech writes:

> >> Network rate limiting likely requires kernel patches that need lots
> >> of deep thought before implementing.
> >
> > Right. It's a good thing somebody did that years ago. :-)
> > (not that I think this is a critical thing to limit)
> >
> > Use the iptables command. Match on UID. You have a number of choices
> > here. The ones that look interesting are:
>
> AFAIK Netfilter UID matching has been deprecated and/or removed from
> mainline kernels.

If so, that's horrible. Mind sending the patches to restore it?
Distinct EUID and RUID would be nice, along with support
for filtering on the incoming side.

Meanwhile, OLPC is using a kernel that can be configured
to support UID matching. That'll do for now.

We can also solve the problem with SE Linux. I guess this
means that the kernel doesn't get a version change until
the Bitfrost stuff is converted to SE Linux.

