On Oct 28 2007 20:42, Tilman Schmidt wrote:
quoted text
>Am 27.10.2007 20:22 schrieb Pavel Machek:
>> Hi!
>> 
>>> but require unreasonable interface changes. As people who care
>>> about security (y'all who are only from the LKML are excused) it
>>> is our obligation to look beyond the preconceived notions of what
>>> is and isn't secure. Security is subjective. It's how you feel
>>> about it.
>> 
>> <sarcasm>Hmm. So lets add automagic security module. It magically fixes
>> security holes, and you can feel good about it.</sarcasm>
>
>Send patch.

Perfect security from threats that normally deliver via internet!
(And it is even one of these that benefit from being modular!)

#include <linux/kmod.h>
#include <linux/module.h>
#include <linux/netdevice.h>
#include <net/net_namespace.h>

static void cl(const char *name, const char *state)
{
	const char *args[] = {"ip", "link", "set", name, state, NULL};
	call_usermodehelper("/sbin/ip", (char **)args, NULL, UMH_NO_WAIT);
}  

int __init automagic_security_init(void)
{
	const struct net_device *dev;

	for_each_netdev(&init_net, dev)
		cl(dev->name, "down");

	return 0;
}

void __exit automagic_security_exit(void)
{
	const struct net_device *dev;   
 
	for_each_netdev(&init_net, dev)
		cl(dev->name, "up");

        return;
}

module_init(automagic_security_init);
module_exit(automagic_security_exit);
-
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/