grsecurity forums


https://forums.grsecurity.net./

Gradm: Dns and cloud services

https://forums.grsecurity.net./viewtopic.php?f=3&t=4030

Page 1 of 1

Gradm: Dns and cloud services

PostPosted: Fri Aug 15, 2014 9:55 am
by ioJeW2
Hi,

i have a problem with gradm and domain-names with more than one ip.

My mailclient is allowed to:
Code: Select all
connect pop.googlemail.com:995 stream tcp


Which works fine.
But google has more than one ip for this name and it seems,
that gradm is resolving the names only once at start/restart.
Thus it's a game of choice if this policy works.

Is there any solution to handle this kind of problem?
Maybe a CAP_ flag, which tells gradm not to resolve before runtime?

Best regards

Re: Gradm: Dns and cloud services

PostPosted: Sun Aug 24, 2014 2:52 pm
by spender
The hostname allowance in policy is a convenience feature, used where a hostname won't have its possible list of resolved IPs changed (otherwise i'd need to delay connections in order to do DNS resolution in the kernel, which I won't add).

-Brad
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/