emo/ndhc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Move DESIGN and README to root directory.

Browse Source
This commit is contained in:
Nicholas J. Kain 2010-11-12 09:39:33 -05:00
parent b2daf09c10
commit 15f6bb66ee
2 changed files with 35 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
ifchd/DESIGN → DESIGN
View File

23
ifchd/README.ifchd → README
View File

@ -1,4 +1,4 @@
ifchd, copyright (c) 2004 Nicholas Kain. Licensed under GNU GPL. ifchd, copyright (c) 2004-2010 Nicholas Kain. Licensed under GNU GPL.
Requirements: Requirements:
@ -11,9 +11,7 @@ C99-compliant C compiler (for C99 struct subobject init)
Tested with glibc 2.2.x and 2.3.x. dietlibc is not compatible. I have not yet Tested with glibc 2.2.x and 2.3.x. dietlibc is not compatible. I have not yet
tested uclibc. tested uclibc.
I may bother to port to other operating systems, but don't count on it. Other I may bother to port to other operating systems, but don't count on it.
OSes lack the functionality of a [RSBAC|SELinux]+PaX enabled kernel, so I find
them to be less useful for a highly secured system.
INTRODUCTION INTRODUCTION
------------ ------------
@ -138,22 +136,6 @@ ifchd can be set such that it only allows clients to configure particular
network interfaces. The --interface (-i) argument does the trick, and may network interfaces. The --interface (-i) argument does the trick, and may
be used multiple times to allow multiple interfaces. be used multiple times to allow multiple interfaces.
RSBAC NOTES
-----------
I was personally unable to get ifchd to properly function with RSBAC_NET_DEV
enabled. Browsing the rsbac source, I was unable to figure out what I was
doing incorrectly -- my RC definitions were as far as I could tell, correct.
Therefore, my directions assume that you have disabled RSBAC_NET_DEV in your
kernel configuration.
The normal usage directions may be followed, but an additional step for rsbac
is necessary. Change to your secoff account and invoke rsbac_fd_menu on the
ifchd and ndhc executables. The AUTH capability for your ifchd and dhcp groups
must be allowed on the corresponding executables, otherwise ifchd and ndhc will
be unable to change to a non-root user and will refuse to run.
GRSECURITY NOTES GRSECURITY NOTES
---------------- ----------------
@ -188,4 +170,3 @@ nonstandard semantics (notably Solaris). On these systems, using the
system-provided implementations may lead to security problems. Such problems system-provided implementations may lead to security problems. Such problems
are the fault of the vendor. If you are unsure whether your system is correct are the fault of the vendor. If you are unsure whether your system is correct
or not, I suggest using the implementation that I provide. or not, I suggest using the implementation that I provide.