Inspecting some server behaviors like ssh and when the server(created by root) accepts a new connection, the socket’s so_cred remains root. Even for any user that has inherited the connection, still remains root. I’m proposing for a kernel patch to match the current process credentials with the credentials of the socket in use. Current limitation: User-based server protection with firewall is limited since anytime users inherit an accepted socket, the socket remains a root socket throughout its lifetime. Benefits of such a change: It improves user-based server protection especially with our packet filter(NPF). Proposed patch: For all socket function that use the accept socket, eg. Send, recv, write etc, the lwp passed to the system call is checked if ( lwp uid & gid != socket uid & gid) we do a fchown on the accept socket. A scoffer seeks wisdom in vain, but knowledge is easy for a man of understanding. Emmanuel |